We increasingly field distressed calls from individuals who believe their cellphone has been hacked. This page provides some guidance in this regard, as we do not perform these types of services for individuals, for a variety of reasons.
It is important to realize that working with a forensics vendor to confirm if such a situation exists will be expensive, assuming you can find one willing to do this type of work, as we do not.
Also, 'hacking' a cellphone is not easy and generally requires physical access to the phone. Most of what would be considered 'hacking' apps are parental monitoring apps intended for a minor's device. Alternatively, the 'hacker' knows or guesses the victim's iCloud credentials, and that provides the means to see your data.
Another key point is that you, the party whose cellphone is believed compromised, must clarify the goals of any vendor-based forensic analysis that you may pursue. In particular, what 'remedies' do you seek? Finding the party who hacked your phone? What will you do then: sue them, or put them in jail?
These are rarely practical options, and the criminal angle is only available through the police, so they should be your first call if the situation warrants it. You will also need an attorney to pursue any civil remedies, so you should find one who will take on this work before engaging a forensics vendor. And consider how much money you are willing to spend on this: thousands of dollars?
Before you call anyone, you should perform your due diligence and gather whatever data, be it screenshots or whatever, that you believe evidences the 'hack'.
Some of what is ‘hacking’ nowadays, at least for individuals and especially when a known party is in play (i.e., an ex), is simply guessing credentials or already having them.
Also, as noted above, a significant amount of 'hacking' is done via parental monitoring apps, and these require physical access to the phone. Odds are extremely high that you have not been victimized by nation-state quality malware, and what looks like a 'hack' is not the result of someone gaining root-level privileges on your device and installing zero-day malware on it.
So, this brings us to the point. The best next step is arguably to perform your own analysis and remediation. A Google search for 'hacking' or 'spyware' together with the make and model of the device in play will shed a significant amount of light on what is possible in terms of 'spyware' and how to defeat or remove it.
TLDR: be prepared to perform a factory reset of your phone and to change your passwords and the recovery email addresses and phone numbers for your iCloud account, etc. It will likely require a lot of effort, but that is the current state of these affairs. Lay out your plan and follow it, so you do not miss changing a key password or 2FA phone number, resetting a MacBook, etc.
Copyright © 2023 Spectrum Computer Forensics and Risk Management LLC