Can Someone Hack My iPhone? How To Tell & What To Do

Can iPhones Really Be Hacked?

When Ben Hubbard’s iPhone was hacked, it put people’s lives at stake. As a reporter covering the Middle East for The New York Times, Hubbard’s phone included contact details, notes, and other sensitive information about secure sources — making his phone a prime target for state-sponsored hackers [*].

While you might not be in the crosshairs of political hacking groups, your iPhone still contains information that could put your identity or finances in jeopardy. And despite the hype, iPhone hacks are not impossible.

In October 2023, Apple issued urgent security updates to address two zero-day vulnerabilities that were actively exploited in attacks [*].

These vulnerabilities allowed local attackers to gain escalated privileges on iPhones and iPads running versions prior to iOS 16.6.

{{show-toc}}

How To Tell If Your iPhone Was Hacked

• Your phone is hotter than usual or runs out of battery quickly. An iPhone overheats when processes are running in the background. If you notice your battery draining faster than usual, dig deeper to find out why.
• You see unrecognized apps on your home screen. Don’t ignore any unfamiliar apps that you don’t remember installing. It’s best to investigate and remove anything suspicious. 
• You’re locked out of your Apple ID. A clear red flag is if you receive a notification saying that your Apple ID was used to sign in to another mobile device, or if changes were made to your Apple ID or password.‍
• Your camera or microphone indicator lights turn on. An orange indicator means an app is using the microphone, while a green indicator is a sign that an app is using the camera.‍
• Your friends and family say they’re receiving “strange messages” from you. Some malware spreads by assailing your contacts with suspicious links. If people ask you about spam they’ve received from your number, or if you spot odd messages in your “Sent” folder, consider these as red flags. ‍
• Your iPhone performance has dropped. As hackers use malware to scan your iPhone for sensitive data, the surge in processing power leaves your phone slow. If you find it’s taking longer to load webpages, play videos, or open apps, the problem may be more than a patchy internet connection.‍
• You see unauthorized purchases made via your Apple ID or linked credit card. Don’t ignore unfamiliar charges on your credit card statements or notifications from Apple Pay. Thieves may make smaller test purchases before draining your account as quickly as possible with larger fraudulent transactions.
• ‍High data usage. Hidden software doesn't only deplete your battery or processing power; it could also consume most of your monthly data limit.

{{show-cta}}

What To Do in Case of a Hack:

As soon as you realize your iPhone or Apple ID may have been compromised, act quickly to protect yourself from further damage.

Here are 12 security measures to take if you think someone hacked your iPhone:

1. Delete any unrecognized apps 

First, look through your phone for apps that you don’t remember downloading.

• Go to Settings > Apps.
• Review the list, making sure to scroll to the bottom of the page. Some malicious apps hide inside folders.
• If you find any unfamiliar or unwanted apps, tap on them and select Uninstall.

2. Run an antivirus scan

An antivirus scan will help you identify any remaining malicious software and assess issues on your iPhone. With regular checks, you can detect and isolate threats quickly in order to keep hackers at bay. 

📚 Related: [Solved] How To Check For Viruses on An iPhone →

3. Update your Apple ID password

If you think hackers know your login credentials, change them immediately to prevent further attacks. You can reduce the chances of future attacks if you create a stronger Apple ID password.

Strong passwords:

• Contain at least 10 characters.
• Use a mix of both uppercase and lowercase letters.
• Use at least one number or symbol.

Make sure you’re using unique passwords for all of your accounts. Also, turn on two-factor authentication (2FA) to secure your login process.

4. Remove unrecognized devices

If you don't recognize a device that has access to your Apple account, remove it immediately. Removing older devices, like your old iPhone or iPad, is also good practice as it reduces the attack surface.

Here’s what to do:

• Sign in to appleid.apple.com, and then select Devices.

• Tap on any device name to view its information — like the model, serial number, operating system (OS) version, etc. — and whether it's a trusted device that you can use to receive Apple ID verification codes.
• Select Remove from account, then review and approve the confirmation message to take a device off the list.

Be aware that any device you remove will no longer be able to display verification codes if you enable 2FA for your Apple ID. The device won't reappear in the list unless you sign in again.

📚 Related: Can Bluetooth Be Hacked? Bluetooth Security Tips for 2024 →

5. Report the hack to Apple directly 

If hackers compromise your iCloud or Apple ID, contact Apple directly to report fraud.

Here are three ways to notify Apple:

• Send suspicious emails to reportphishing@apple.com.
• Call Apple Support at 800-275-2273 on a secure device.
• Visit an Apple store in person to speak with a customer support representative.

Apple will never call you for any reason, even to notify you of suspicious activity on your iPhone, unless you request a call first.

Any unsolicited contact from someone claiming to be from Apple is most likely a scam.

6. Remove configuration profiles

If you suspect a hacker might have gained access to your device, check the list of configuration profiles, and remove those that look suspicious.

Here’s what to do:

• Connect the iPhone to a Mac with Apple Configurator using the USB cable that came with the device.
• If it’s the first time you’ve plugged the iPhone into this Mac, you’ll need to confirm that you can Trust this computer after a popup appears.
• If the iPhone is locked, unlock it.
• Drag and drop a configuration profile on the selected devices or Blueprints.
• Select the profiles you want to remove. Then, Choose Actions > Remove > Profiles.
• Confirm that you want to remove the configuration profile by tapping on Remove.

📚 Related: How To Remove a Hacker From Your Smartphone →

7. Cancel any linked credit cards

Thieves can use Apple Pay to make fraudulent purchases on your account. If your iPhone was hacked, contact your bank immediately.

Here’s what to do:

• Explain that your device has been compromised and there may be some fraudulent activity on your account.
• Ask the bank or credit card company to cancel the cards and issue new ones to a trusted address.
• Review your statements, and make note of any suspicious activity.
• Notify the bank of any disputed transactions, and request that they reverse the charges.

📚 Related: Scammed Using Apple Pay? Here's How To Get Your Money Back →

8. Freeze your credit

If an identity thief gains access to your personally identifiable information (PII) on your iPhone, you could fall victim to various types of financial fraud. For example, thieves could:

• Apply for loans in your name.
• Open new credit cards or other online accounts in your name.
• Request a replacement credit card, and change your address so that they (and not you) receive the new card.

Placing a credit freeze with all three major credit bureaus — Experian, Equifax, and TransUnion — can help prevent scammers from opening new accounts on your credit file. To freeze your credit, you need to contact each credit bureau individually:

• Equifax: Place a credit freeze online or call 1-800-349-9960.
• Experian: Place a credit freeze online or call 1-888-397-3742.
• TransUnion: Place a credit freeze online or call 1-888-909-8872.

9. Check your app permissions

By managing app permissions, you can regain some control of what private information is shared about you online.

Here’s what to do:

• Go to Settings and then Privacy on your iPhone.
• View each category on the list to see which apps can access your data. For example, you might be sharing personal data through Location Tracking, Bluetooth, Contacts, Photos, and your Microphone.
• Decide whether to grant or revoke permissions as you see fit.

📚 Related: How Can Someone Track Your Location? (And How To Stop Them) →

10. Clear your browser history and cache

Your iPhone stores cache data — content from websites — based on your browser history. The next time you visit the same website, cache storage helps the site load quickly, saving you time.

However, cache data can slow down your iPhone or tuck away viruses and malware.

Here’s what to do:

• Open the Settings app.
• Scroll down and tap on Safari.
• Scroll down again and go to Clear History and then Website Data.
• Tap on Clear History and Data to confirm.

📚 Related: How To Get Rid of Viruses on iPhones and iPads →

11. File an official identity theft complaint with the Federal Trade Commission

If you become a victim of identity theft after someone hacks your iPhone, notify the Federal Trade Commission (FTC).

Go to IdentityTheft.gov and follow the prompts to file your report. The FTC will provide a recovery plan and an official record that you can show to businesses to prove your identity was stolen.

You’ll need the following details to submit the report:

• Your full legal name
• Date of birth
• Social Security number (SSN)
• Driver's license number
• Current address (and how long you've lived there)
• Phone number
• Email address

📚 Related: Have I Been Hacked? How To Recover From a Hack →

12. Factory reset your iPhone

In the worst-case scenario, you might have to completely wipe your iPhone and restore the original settings on your device.

A factory restore erases the information and settings and installs the latest version of iOS.

If all else fails, this is the best way to oust a hacker out of your iPhone (but this can't guarantee that you'll remove all viruses).

First, get your device ready:

• Make sure that your Mac is up-to-date. If you're using iTunes, ensure you have the latest version.
• If you want to save the information on your iPhone first, make a backup.
• Go to Settings > [Your name] > Find My, tap on Find My iPhone, and then switch the setting to Off.
• If your Mac has macOS Catalina or later, open the Finder app. If you’re using a Mac with macOS Mojave or earlier, open iTunes.
• Connect your iPhone to your computer.
• If a message asks for your device passcode or prompts you to Trust This Computer, follow the onscreen steps. You can get help from Apple if you forget your passcode.
• Select your device when it appears on your computer. Follow Apple’s guidance if your iPhone is unresponsive or if your device doesn't appear on your computer.
• Select Restore iPhone. If you're signed into Find My, you must sign out before completing this step.
• Select Restore again to confirm. Your computer will erase the iPhone data and install the latest iOS software.
• After your iPhone restores the factory settings, it automatically restarts. Now you can set it up as a new device.

📚 Related: How To Get Rid Of the Apple Security Alert and Mac Pop-up Scams →

9 Ways To Protect Your iPhone

Your Apple ID is the gateway to your data, files, and other linked accounts — making it a sitting target for cyberattacks. Preemptive action can help to secure your Apple ID and data from hacks.

Here are nine ways to protect your iPhone:

• Install iOS and software updates as soon as possible. Software updates often include security fixes that can protect your iPhone against emerging cybersecurity threats. If you're unsure if your iPhone has the latest updates installed, check by going to Settings > General > Software Update.
• Update your phone’s passcode and auto-lock. Set a complex passcode — do not select an generic code like “123456” that someone might guess. Also, adjust the auto-lock setting to 30 seconds to reduce the risk of someone with physical access unlocking your phone. Go to Settings > Display & Brightness > Auto-Lock.
• Set up multi-factor authentication (MFA) on your Apple ID. This added security layer means hackers can’t log in to your Apple services without you knowing. They’ll also need access to one of your Apple devices to access services. To enable this feature, go to Settings > [Your Name] > Password & Security > Two-Factor Authentication.
• Use a Virtual Private Network (VPN) when on public Wi-Fi networks. Using a VPN is one of the best ways to protect your privacy online. All Aura plans include a built-in VPN with military-grade encryption to keep your online activities hidden from hackers.
• Don’t jailbreak your phone or sideload apps. Jailbroken phones eliminate some of Apple's most critical security features. A single malware attack could expose your data and leave you open to financial damage and identity theft.
• Ignore and delete all suspicious text messages, emails, or calendar invites. Phishing emails and smishing texts via SMS or WhatsApp are among the most common types of fraud. Your iPhone could be hacked if you reply, call the numbers, or click on any malicious links.
• Enable Find My. This feature allows you to track your phone using any device with the Find My app installed. You can also use this app to remotely wipe your personal data after your phone is stolen or lost. To enable Find My, go to Settings > [Your Name] > Find My, then toggle on the Find My iPhone button.
• Turn off Bluetooth when you’re not using it. In an August survey, 12% of respondents admitted to accepting unknown Bluetooth connections while on public Wi-Fi [*]. Smartphone users who leave their Bluetooth enabled in crowded public areas could unwittingly expose their devices to hackers.
• Consider the Erase Data option. This feature sets your iPhone to erase all data after 10 failed passcode attempts [*].

📚 Related: Free VPN vs. Paid VPN — What's The Difference? →

Keep Your iPhone Safe From Hackers. Aura Can Help.

Once hackers access your sensitive personal data, you could fall victim to identity theft or financial fraud.

Knowing what spam texts look like and avoiding clicking on links will help. But your iPhones may be compromised without any user interaction, too.

An exploit chain, known as BLASTPASS, successfully hacked iPhones running iOS 16.6 [*, *]. This exploit used PassKit attachments, which contained malicious images, sent from the attacker's iMessage account to the victim.

This is where an comprehensive digital safety app like Aura may help.

With Aura, you get access to:

• Antivirus software that safeguards your devices against malware, spyware, and ransomware threats — even when you and your family members download apps or browse online.
• A virtual private network (VPN) with military-grade encryption to keep your online activity away from prying eyes.
• A password manager that enables you to create and store unique, complex passwords for every account.
• 24/7 credit monitoring to inform you of any suspicious activity on your credit file. Aura delivers rapid fraud alerts 250x faster than other digital security apps.
• $1,000,000 insurance policy to cover eligible losses resulting from identity theft.

Protect your identity and credit from hackers. Try Aura free for 14 days →