Can Your iPhone Be Hacked?
The iPhone has earned a reputation as a security-focused device thanks (in part) to Apple’s iron grip on the ecosystem. However, no device is perfect when it comes to security. So, can your iPhone be hacked? What are the risks?
What It Means to “Hack” an iPhone
Hacking is a loose term that’s often used incorrectly. Traditionally, it refers to illegally gaining access to a computer network. In the context of an iPhone, hacking could refer to any of the following:
- Gaining access to someone’s private information stored on an iPhone.
- Monitoring or using an iPhone remotely without the owner’s knowledge or consent.
- Changing the way an iPhone operates by using additional soft- or hardware.
Technically, someone guessing your passcode could constitute hacking. The installation of monitoring software on your iPhone so someone can spy on your activities might also be something you’d expect a “hacker” to do.
There’s also jailbreaking, or the act of installing custom firmware on a device. This is one of the more modern definitions of hacking, but it’s also widely used. Lots of people have “hacked” their own iPhones by installing a modified version of iOS to remove Apple’s restrictions.
Malware is another problem that’s hit the iPhone before. Not only have apps on the App Store been classified as malware, but zero-day exploits have also been found in Apple’s web browser, Safari. This allowed hackers to install spyware that circumvented Apple’s security measures and steal personal information.
The jailbreaking space moves quickly. It’s a constant game of cat and mouse between Apple and tweakers. If you keep your device up to date, you’re most likely “safe” against any hacks that rely on the jailbreaking method.
However, that’s no reason to let your guard down. Hacking groups, governments, and law enforcement agencies are all interested in finding ways around Apple’s protections. Any of them could discover a breakthrough at any moment and not notify Apple or the public.
Your iPhone Can’t Be Used Remotely
Apple doesn’t let anyone remotely control an iPhone via remote access apps, like TeamViewer. While macOS ships with a virtual network computing (VNC) server installed that allows your Mac to be remotely controlled if you enable it, iOS does not.
This means you can’t control someone’s iPhone without jailbreaking it first. There are VNC servers available for jailbroken iPhones that enable this functionality, but stock iOS does not.
iOS uses a robust permissions system to grant apps explicit access to particular services and information. When you first install a new app, you’re often asked to grant permission to location services or the iOS camera. Apps literally cannot access this information without your explicit permission.
There’s no level of permission available within iOS that grants full access to the system. Each app is sandboxed, which means the software is sectioned off from the rest of the system in a safe “sandbox” environment. This prevents potentially harmful apps from affecting the rest of the system, including limiting access to personal information and app data.
You should always be wary of the permissions you grant an app. For example, an app like Facebook wants access to your contacts, but it doesn’t require this to function. Once you grant access to this information, the app can do whatever it wants with that data, including uploading it to a private server and storing it forever. This might violate Apple’s developer and App Store agreement, but it’s still technically possible for an app to do so.
While it’s normal to worry about attacks on your device from nefarious sources, you’re probably more at risk of giving your personal information away to a “safe” app that simply asked politely. Review your iPhone app permissions routinely, and always think twice before agreeing to an app’s demands.
Apple ID and iCloud Security
Your Apple ID (which is your iCloud account) is probably more susceptible to outside interference than your iPhone. The same as any online account, many third parties can get a hold of your credentials.
You probably already have two-factor authentication (2FA) enabled on your Apple ID. Still, you might want to make sure by going to Settings > [Your Name] > Password and Security on your iPhone. Tap “Turn on Two-Factor Authentication” to set it up if it’s not already enabled.
In the future, whenever you log in to your Apple ID or iCloud account, you’ll need to enter a code sent to your device or phone number. This prevents someone from logging in to your account even if he or she knows your password.
Even 2FA is susceptible to social engineering attacks, however. Social engineering has been used to transfer a phone number from one SIM to another. This could hand a would-be “hacker” the final piece of the puzzle to your entire online life if they already know your master email password.
This isn’t an attempt to scare you or make you paranoid. However, it does demonstrate how anything can be hacked if given enough time and ingenuity. You shouldn’t worry excessively about this stuff, but do be aware of the risks and remain vigilant.
What About iPhone “Spy” Software?
One of the closest things to a hack to affect iPhone owners is so-called spy software. These apps prey on paranoia and fear by inviting people to install monitoring software on devices. These are marketed to concerned parents and suspicious spouses as a way of keeping track of someone else’s iPhone activity.
These applications can’t function on stock iOS, so they require the device to be jailbroken first. This opens the iPhone to further manipulation, gaping security problems, and potential app compatibility issues, as certain apps won’t work on jailbroken devices.
After the device is jailbroken and the monitoring service is installed, people can spy on individual devices from web control panels. That person will see every text message sent, the details of all calls made and received, and even new photos or videos snapped with the camera.
These apps won’t work on the latest iPhones (including the XS, XR, 11, and the latest SE), and only a tethered jailbreak is available for some iOS 13 devices. They’ve fallen from grace because Apple makes it so difficult to jailbreak the recent devices, so they pose little threat under iOS 13.
However, it won’t stay that way forever. With each big jailbreak development, these companies start marketing again. Not only is spying on a loved one questionable (and illegal), jailbreaking someone’s device also exposes it to the risk of malware. It also voids any warranty he or she might have left.
Wi-Fi Might Still Be Vulnerable
Regardless of which device you’re using, unsecured wireless networks still pose one of the greatest threats to mobile device security. Hackers can (and do) use “man in the middle” attacks to set up fake, unsecured wireless networks to capture traffic.
By analyzing this traffic (known as packet sniffing), a hacker might be able to see the information you’re sending and receiving. If this information is unencrypted, you could be leeching passwords, login credentials, and other sensitive information.
Be smart and avoid using unsecured wireless networks, and be mindful whenever you’re using a public network. For ultimate peace of mind, encrypt your iPhone traffic with a VPN.