
How to Detect Spyware on iPhone  

CopyRight
(@copyright)
Active Member

I have received an iPhone 11 running iOS 13.5 that has unexplained usage, i.e. I can see that while the phone was with me for the past 24 hours, Screen Time records show intense activity even at midnight when no one has access to the phone. These activities include social media apps and iMessage.

It is suspected that the phone has spyware installed on it.

Any way to clear out this suspicion?

 

Thanks

Posted : 15/06/2020 9:21 am
Rich2005
(@rich2005)
Senior Member

Can you provide more detail?

I.e., based on your description, it's not clear if the phone is on, connected to network/Wi-Fi, etc.

If it was on and connected to network/Wi-Fi, could this simply be a result of activity on their accounts from another device being synced to this one?

Posted : 15/06/2020 10:17 am
droopy
(@droopy)
Active Member

iPhone spyware does not survive a turn off of the device (reboot). Just do a reboot and recheck.

Maybe an application is doing a lot of pings to a server.

Posted : 15/06/2020 6:19 pm
Em-Belkasoft
(@em-belkasoft)
Junior Member
Posted by: @droopy

iPhone spyware does not survive a turn off of the device (reboot). Just do a reboot and recheck.

Maybe an application is doing a lot of pings to a server.

Why should he reboot to test things?

If he reboots the iPhone—and if he's right about a spyware being on the iPhone; and if you are also right about spyware in iPhones not surviving a reboot—then he might lose the spyware and might struggle to find traces of it. Unfortunately, this outcome—which can result from different variables—is too ambiguous to clear out his suspicions about a spyware being there or not. 

This post was modified 3 months ago by Em-Belkasoft
Posted : 15/06/2020 8:27 pm
cs1337
(@cs1337)
Member

Could be a defective digitizer.

Posted : 16/06/2020 5:04 am
CopyRight
(@copyright)
Active Member
Posted by: @rich2005

Can you provide more detail?

I.e., based on your description, it's not clear if the phone is on, connected to network/Wi-Fi, etc.

If it was on and connected to network/Wi-Fi, could this simply be a result of activity on their accounts from another device being synced to this one?

Yes. So this isn't a forensic case, it's a matter of expert opinion. The phone has cellular data and the phone is on. So you are suggesting that maybe the person is accessing through iCloud, but the person confirms he does not use this account from other devices. So maybe someone else has access to the iCloud credentials?

Posted : 16/06/2020 6:12 am
CopyRight
(@copyright)
Active Member
Posted by: @droopy

iPhone spyware does not survive a turn off of the device (reboot). Just do a reboot and recheck.

Maybe an application is doing a lot of pings to a server.

Interesting, never knew that! Are you certain that spyware on iPhone does not survive a reboot?

How come? Any technical explanation for that?

Posted : 16/06/2020 6:13 am
CopyRight
(@copyright)
Active Member
Posted by: @em-belkasoft
Posted by: @droopy

iPhone spyware does not survive a turn off of the device (reboot). Just do a reboot and recheck.

Maybe an application is doing a lot of pings to a server.

Why should he reboot to test things?

If he reboots the iPhone—and if he's right about a spyware being on the iPhone; and if you are also right about spyware in iPhones not surviving a reboot—then he might lose the spyware and might struggle to find traces of it. Unfortunately, this outcome—which can result from different variables—is too ambiguous to clear out his suspicions about a spyware being there or not. 

Yes, and it would be interesting if someone has a framework on how to deal with such a scenario!

Posted : 16/06/2020 6:29 am
CopyRight
(@copyright)
Active Member

@cs1337 I'm certain it's not the digitizer; Screen Time will not record activity upon digitizer malfunction.

Posted : 16/06/2020 6:31 am
cs1337
(@cs1337)
Member

Do you have access to Cellebrite? You can image the device and run the malware scanner, which will use the Bitdefender definition file. I believe it would be better if you can get a checkm8 extraction if compatible, but I see you don't want to reboot the device.

Do you see any remote control apps like TeamViewer or AnyDesk installed?

Posted : 16/06/2020 6:42 am
Rich2005
(@rich2005)
Senior Member

I've not tested this kind of thing myself; however, based on the fact there's an option for syncing Screen Time data, I would try to rule that out before more complex malware-related issues.

https://appletoolbox.com/use-screen-time-in-macos-and-sync-your-mac-to-other-devices/

This post was modified 3 months ago by Rich2005
Posted : 16/06/2020 8:17 am
CopyRight
(@copyright)
Active Member
Posted by: @cs1337

Do you have access to Cellebrite? You can image the device and run the malware scanner, which will use the Bitdefender definition file. I believe it would be better if you can get a checkm8 extraction if compatible, but I see you don't want to reboot the device.

Do you see any remote control apps like TeamViewer or AnyDesk installed?

Yes, I do have PA. I am currently having issues running the malware scanner. I'm resolving the issues and will try to run it once again.

No remote control apps installed.

Posted : 16/06/2020 9:40 am
CopyRight
(@copyright)
Active Member
Posted by: @rich2005

I've not tested this kind of thing myself; however, based on the fact there's an option for syncing Screen Time data, I would try to rule that out before more complex malware-related issues.

https://appletoolbox.com/use-screen-time-in-macos-and-sync-your-mac-to-other-devices/

Beautiful read, Rich, thanks for sharing this related article. I will check if this option is enabled on the devices and get back to you.

Posted : 16/06/2020 9:42 am