Can An IPhone Be Hacked?

How iPhones Get Hacked

There are plenty of popular methods to get around iPhone security, and most of them involve tricking the user.

Sketchy Wi-Fi Connections

We’ve all encountered suspicious public Wi-Fi networks asking for a lot of personal info upfront, followed by around 100 pages of terms and conditions. We’ve caved in desperate moments, sometimes even without using a VPN to hide our browsing history and hide our IP addresses. These are the places we most often encounter sketchy Wi-Fi networks:

• Airports: Many airports across the U.S. have their own public Wi-Fi networks for passengers. These networks are just as insecure as any other public Wi-Fi network. Essentially, any Wi-Fi network that asks for detailed personal information or is operated by a third party raises even more red flags (we’re looking at you, Boingo!)2
• Budget hotels/motels: The upkeep on an expansive Wi-Fi network with hundreds of unique users and private connections is costly, so many affordable hotels opt to use one open network.
• Cafes and bars: “Free Wi-Fi” is virtually synonymous with coffee shops. While that Boingo pop-up at the airport probably raises your defenses, we’re willing to bet you don’t think twice about connecting to Starbucks’ Wi-Fi anymore.

Sketchy URLs

For anyone who still needs to hear it: never click on a link if you don’t recognize the sender or can’t verify that it comes from a trusted source. That tip alone will keep you safe from most online scams. Phishing is still one of the most popular internet scam techniques and comes in various forms, like these:

1. Emails: These phishing emails aren’t like the kind from 20 years ago, where a randomized email address would send you a 200-character link to a “free cruise.” The more successful phishing emails you might encounter do a great job of impersonating account providers like Google, Amazon, or Apple, telling you to update your password or account bio.
2. SMS: Text messages are a more recent favorite of phishers, relying on the quantity-over-quality technique. Typically, phishing text messages are referred to as “smishing.”
3. Phone calls: Scam callers inundate U.S. phone numbers all day long. Phishing calls usually ask the target to call back about something relevant to the user, like debt restructuring, mortgages, or car payments.
4. Social media: Social media accounts that show up as targeted ads are a new favorite phishing method, as we’re more likely to click on them.
5. Web ads: Since the early days of the internet, sometimes clickbait ads contain adware that’s hard to remove. But scammers keep making adware because many people still click on banner or pop-up ads.
6. Fraudulent software: The least-known phishing method, fraudulent versions of popular software tools can show up shockingly high in a Google search. Sometimes the websites offer a “free” version of paid software (although free software can be legitimate, as we’ve seen with free VPNs and free antivirus software).

Sketchy Apps

The adage for free social media platforms or apps is, “If they don’t charge you for the product, you are the product.” There’s a library’s worth of writing about how Facebook and Google sell user data. And only specific situations allow you to get your personal information deleted from Google. However, apps that aren’t cultural touchstones can still spy on you, especially if you permit them to do so.

Favorite targets for malware and spyware are simple apps with offerings for “free” wallpapers or ringtones, and novelty camera apps like FaceApp. Even apps from well-rated developers may still be malicious. Look out for these red flags:

1. High power draw or overheating: If your battery heats up or drains faster while you use a particular app, it may be performing more tasks on your phone than advertised.
2. Unnecessary permissions: A fitness-tracking iPhone app on your phone shouldn’t need access to your contacts. If it’s not taking pictures or video, an app shouldn’t need your camera and mic.
3. Unusual mobile device behavior: If you notice a change in your device’s behavior, usability, or software interface after you download an app, it could be a sign of something more nefarious.

Sketchy People

Sometimes, the call may be coming from inside the house, metaphorically speaking.

1. Stalkerware: Stalkers, abusive ex-partners, current partners, or family members can install a type of spyware sometimes referred to as “stalkerware” to track your every move and keystroke.3 Our post-breakup safety report outlines how, even in many non-abusive scenarios, an ex-partner can be a security risk. Around 22 percent of both men and women reported a financial security breach from an ex, for example.
2. Direct data transfer: A much easier attack to carry out is stealing data manually. If you leave your phone unattended and unlocked, individuals with bad intentions can hook your phone up to another device and download files and data directly. Direct data transfer is more common with abusive partners or family members because of their frequent proximity to you and, thus, access to your device.

Sketchy Governments

Sketchy governments are a hacking threat primarily for journalists and political activists in undemocratic countries, which leads to greater VPN usage. However, historically oppressed peoples are at much higher risk of government surveillance than the average citizen.4

For the average American user, there might be a few scenarios when you need to worry about a government entity stealing your personal data:

1. Trip to a totalitarian state: A foreigner visiting China might realize that everything is easier to navigate with social media and e-commerce apps like WeChat, Alipay, or QQ. Hundreds of millions of Chinese citizens use them every day. As a result, these apps are targets of internet censorship and broad government surveillance.5
2. High-profile activism: Saying you stand with Hong Kong has become a famous rallying cry around the world, but it’s unlikely to make you a target of the Chinese Communist Party. However, if you’re Vladimir Putin critic Bill Browder, you should expect some state-sponsored hacking attempts to come your way.6