0

I hope this is the correct stackexchange website to ask this, if it's not I'm sorry.

Some time ago I started giving private lectures to a girl and she told me, a computer engineering student, that someone she knows is hunting her and managed to gain access to both her mobile phone (some iPhone I think, she generically said 'apple') and personal computer (also Apple), downloaded her personal photos, peered into her google account, changed her passwords many other thing, and she's been struggling for almost one year now to try getting rid of it.

While I'd love to work into information security one day, I don't have enough knowledge about the Apple world to help her on my own and I thought when she'll be back (she's away on business right now) that a good way to protect her would have been to

  1. Doing a clean install of her mobile phone's OS
  2. Doing a clean install of her PC
  3. Setting a 2FA or MFA on her google account so that to access anyone needs to be physically in possess of her mobile phone
  4. Blocking all the incoming SMS (I know you can be infected via external links from SMS messages, she thinks she shouldn't be forced to do this and she wants to behave like she did before this all happened, and I feel her, but this way she'll never be completely safe).

Is there something else I can do to remove everything and keep her safe? I know some malwares and spywares literally infiltrate into the bootloader or the BIOS and if this is the case (can't tell if it is) just clean installing won't be enough, nor a factory reset... We're willing to pay specialized technicians to do the job, no matter the price, just in case do you know any reliable company that can do the job?

Thanks!

Baffo rasta
  • 101
  • 2

1 Answers1

0

Unless she is a very high value target, this sounds like an iCloud breach and not malware on her iPhone and Mac. It's a pretty intense breach to hit both an iPhone and Mac these days and far easier to gain access to her iCloud account.

I'd recommend having her change her iCloud password and enable 2FA. Then, see if she can look at her login records on iCloud to confirm an attacker. In addition, ask if she's recently gotten weird emails from what she thought was "iCloud" asking her to enter in her password or some other quick action needed.

MikeSchem
  • 2,311
  • 1
  • 13
  • 36
  • Thank you for your reply, it might be a possibility and I suggested her to contact Apple support and request a log of all the logins to her account. Meanwhile my doubt was: will this allow the attacker to access her gmail account? – Baffo rasta Oct 30 '20 at 17:35
  • is her iCloud account using that gmail email? – MikeSchem Oct 30 '20 at 17:37
  • I can't honestly tell and asking her as soon as possible, but I recall her mentioning that also her father's gmail account was compromised, it still may be two different attacks but it could be because they share the same PC... – Baffo rasta Oct 30 '20 at 17:38
  • can you give more details on what lead you to believe her accounts were compromised? – MikeSchem Oct 30 '20 at 18:01
  • According to what she told me, her and her father's gmail accounts' passwords keep being changed no matter how complex or weird they make it. – Baffo rasta Oct 30 '20 at 18:03
  • Well enabling 2FA should stop that though I'm not sure why an attacker would want to change their passwords. – MikeSchem Oct 30 '20 at 18:09
  • We agreed to hear each other tomorrow to look further into it, I'll let you know, thank you for now! – Baffo rasta Oct 30 '20 at 18:14