iPhone 3GS security question - Can it be 'hacked'?

[dt81]

Hey guy, my friend has a 3GS and after she purchased it she installed facebook and twitter. Shortly after someone was contacting people on her friends list (facebook) saying they hacked her phone. So she deleted that facebook account and her e-mail address and created a new one (fb and email) and it happened again. So she just came to me today asking about how to stop this..She's running iOS 4.1 and is NOT jailbroken. Making me scratch my head on this one...I do know that the person 'hacking' is using an iphone as well located some where around the Brooklyn, NY area as that is where their IP is pointing too. So my question is, is it possible that someone can really 'attack' an her phone and obtain all this information? if so how or what can be done to narrow down possibilities?

 

[anon(4697585)]

Possible yes... probable no.

Just make sure you use strong passwords and keep them private. I'd also make sure you use a passcode and again, don't make it too obvious to what it is.

 

[big9erfan]

If they are contacting people using her facebook account, likely the only thing exploited was her facebook account, not the phone itself. If she connected to a public wifi as well, she could have sent her username and password as plain text and anyone watching the traffic would have picked it up.

Lock down the facebook account and go from there.

 

[anon(4698833)]

It's a pretty good assumption that her facebook is the only thing being hacked, not her iPhone...while it is far from impossible, im guessing someone who was bent on simply harassing someone's facebook friends would go through the trouble of the process of getting into a person's iPhone and all that comes with that.

Sure fire way of fixing this problem would be to eliminate all passwords on the iPhone, facebook and the network she uses at home and start fresh.

 

[anon(4697585)]

the Facebook app sends passwords in AES-256 bit encrypted keys so even on public wi-fi that would take a while to crack even to an experienced hacker.

 

[big9erfan]

the Facebook app sends passwords in AES-256 bit encrypted keys so even on public wi-fi that would take a while to crack even to an experienced hacker.

The app may, but the normal website login, I don't think it does.

 

[dt81]

Thanks guys, I had her remove the FB app and told her not to use it for a while to see what happens. I gave her a new e-mail address with my domain so we'll see if that helps. I also have a concern that she might have a keylogger on her pc running so when I get a hold of her today Im gonna have her take a screen cap of her processes running. I just thought it was coincidence that this had not happen before she had her 3GS but started 2 days after she got it.

 

[ghostface147]

A phone can be hacked, but it's not easy. UTMS is far more secure than EDGE, but it still can happen. As you decided, let it rest for a few days and see what happens. No issue on FB, reload it on her phone. If it does happen as soon as it's on her phone, something is up.

<singing> oooooooeeeee....what's up with that? what's up with that?</end singing>

 

[TampaDude]

the Facebook app sends passwords in AES-256 bit encrypted keys so even on public wi-fi that would take a while to crack even to an experienced hacker.

If by "a while", you mean far longer than the age of the universe, then yeah, it would take "a while". AES-256 is pretty damn secure. A device that could check a billion billion (10^18) AES keys per second would require about 3?10^51 years to exhaust the 256-bit key space and consume many terawatts of power per year doing so. Obviously, this is not feasible, no matter how "elite" of a hacker you are.

The person probably guessed her password. Tell her to use stronger passwords.