I think my iPad 2 got hacked... Oops!

So I was browsing the interwebs for a book from my homeland that I heard was readily available in the lovely PDF format. I find a random website, one of those file hosting sites and it had a link to download the PDF. I click on it, yes I was an idiot, and a blank 20 page PDF opens up.

Got a bit nervous, but didn't linger on it. After a bit of time I ws downloading SkyFire as well as updating a few apps and lo n' be hold all kinda craziness is taking place on my iPad.

1- the SkyFire installation froze on the very last bit.
2- I noticed that some of the apps that were being updated, that we also in
Seperate folders, aree miraclously out of the folders and on the main screen
3- another app that wasn't being updating, also that I haven't. Used in a while
(Cool Hunting) Ks also outside of the folder and on the main screen!!

The first thing I did was wipe my iPad clean, and restored it from a 3 day old back up. Whew!

My worry is that I am not sure of my passwords are compromised or not, the main one I am worried about is my banks's that I had used within seconds before I stumbled on the dreadful PDF file

This is an iPad 2 with all the latest updates on it as well... Just for reference.

Hope my mistake saves someone else th e trouble.

Cheers,

Mina

Just to make things clear... I already changed my passwords within minutes of all this. So I should be in the clear, but it's an annoying situation that I should've easily avoided.

Oh well, I had my stupid mistake for the year.

I highly doubt a malicious PDF hacked your iPad and rearranged your apps. Are you sure you didn't just sync with your Mac, which updated and installed some apps?

Well, the iPad was certainly not connected to my MacBook. It was in my hands when all of the above went down.

got hacked - me too

Hi,

i came to this thread because i was googleing around for my newest problem:

Yesterday i connected my ipad to the power-charger and then wanted to run the ipod/itunes - app. I clicked on the icon, no response, the icon just jiggled for a short time, i tried again and then all of a sudden "Mail" opened. I watched.. Someone was browsing my Mail-Folder, then on Safari checking links to google-mail and some other sites. ****. After 3 Minutes the "Visitor" left. I shut down my ipad, disabled wlan, and then turned it on again.

Any Ideas guys? Sure i can re-install it, even without my backup (which could be infected too). But how can i be sure to not get hacked again?

- My ipad 1 is not jailbreaked, Verion 4.3.1 (8g4).

- I got some pdfs from wa/ez websites, maybe one was infected. I got no clue.

- the remote-trojan got active as i put my Ipad on charge, clever.


Greetings,
schmall

The iPad cannot be "hacked" and controlled from afar. There are no viruses that will infect an iPad. It would be easier to get a virus on a Mac. Do you have a ghost or faulty touchscreen? Possible. I would take it to the nearest Apple Store and have them look for it. You have a 1 year warranty, take advantage of it.

Especially if you are not jailbroken.

When its possible to jailbreak via an prepared pdf (jailbreak me) it should be possible for a talented/pro-criminal coder to jailbreak your ipad with an infected pdf and run some code which downloads and installs a remote-login (ala vnc) app.

Jailbreaked -> rooted.

I also thought about the broken touchscreen or cached fingertip-actions but:

-it doesnt look like random clicks, he went to my google-login and to another shop-site which link was in an email.
-the guy which controlled it selected the clear-history function

-> this looks like hacking!

btw i checked my ipad with Virus Barrier X6 - nothing found.

Greets
schmall

He did say it was not jailbroken. Also, something like this (hacking and taking control of an ipad) would be big in the presses and would have been heard about long before now.

Besides, visiting and downloading anything from a wa/rez site you get what you deserve.

- I got some pdfs from wa/ez websites, maybe one was infected. I got no clue.

Click to expand...

I don't know if you were hacked or not. I suppose anything is possible and there are some very clever hackers out there. However, when you do anything on a warez site (even browsing) you're asking for trouble.

And, there is certainly no reason to go to a warez site unless you're looking for something for free and illegal.

@deckyon:
i think the same, but MinaMACMan got also issues. And he reinstalled his ipad. Think many users would do the same and not writing it to a forum.
Some exploits are known to BlackHats for Years before they come to the press. Also, the trojan got active as i plugged the pad to the docking-station - so the haxxors could assume I am not using it, just chargin.

@chscag
wa/rez stuff: i just been honest. but if someone is going for infiltrating a company or the usual mommy they have other ways: Faked Emails, bit.ly - Links on Social Networks etc.
Just sayin: Keep off the Warez-Sites is not safe-enough.

My Intention of writing here is to ask some of the advanced guys how i should came on the tracks of this hacking. I.E. Jailbreak it and grep the processes for "remote".

Bye,
Schmall

I have seen apps jump out of folders - but a reset will put them back in. This tends to happen when I am updating and the update of programs doesn't complete or goes south. I will usually see hidden apps show up as well.

Note - as stated there was already a jailbreak that uses a corrupted pdf to jailbreak iOS.
Jailbreakme site utilizes PDF exploit in iOS
It could be someone found another exploit (as the jailbreak in the story has already been patched.)
If there is - then making a remote attack is pretty easy - once the device is unwittingly jailbroken. You are talking about package installing, veency, and ssh - then sending some notification that someone fell for it. The default logins/passwords are well known - so logging in would be nothing. None of the packages involved would show up on a virus scanner - these are standard/known Unix packages.

I would be surprised if there was an unannounced pdf exploit that could be used for jailbreaking as there are many people looking for ways to jailbreak iOS. That being said, stranger things have happened.

Ipad2 is hacked

I believe the hack. My unbroken ipad2 has some how hacked my Ubuntu 10.10 box. Both in same network but no one was using it. I checked the mail on my Linux box and sure enough the iPad was the last to log on. Is there a command prompt on the ipad2 available without JbreakiN?