My iTunes account was hit with $2,000 worth of fraudulent charges back in October and I don't think that I was alone. I eventually got my money back, but this is the only time CC fraud has happened to me and I didn't enjoy the experience.
No doubt the the problem has been fixed by now, but I only leave my CC details on iTunes for a few minutes while actually making a purchase.
This has nothing to do with public WiFi of course. It's unencrypted and there's no doubt that someone with the technical expertise and bad intentions can tap into the traffic.
I had similiar issues November 2015. Mine was using a public wi-fi network. I used my iPad 3, not jail broken, at a hospital where a family member was spending several days. I thought I was logged into the free wi-fi offered by the hospital. Apparently I was not. I think my iPad was cloned. I paid out over $3,000 or more in fraudulent charges for in-app purchases on a game that I had on my iPad. I didn't want to have my iTunes account suspended. I got my next bill in October and it had close to $2,000 in in-app purchases. I called Apple several times for support and I got several different answer that ranged from impossible to very possible. Basically I was getting techs that didn't have an answer. The reason I think the tablet was cloned is that I finally did a back charge on my Amex as I wasn't going to pay for someone else to play games at my expense. I called Apple support and I finally got an obvious solution to temporarily solve the problem. I was finally told to change my password and also change my router password as well as get a new Amex card. I am not sure how the person responsible was using my iTunes account to buy these purchases was able to do so when I was 40 miles from the first fraudulent inncedent. I deleated the app, made the changes that the tech suggested and it stopped.
Christmas 2015, my partner received a Kindle fire tablet for a present. We did not take it out of the box until sometime in early May. I reinstalled the app that was causing my problems as I thought it was safe to do so. After adding the Kindle to our network, the Amex bill came due with close to $3,000 worth of in-app charges again. I called Apple support and asked how it was possible. Again I got a different answer from everyone that I was transferred to. Finally a tech asked if we had added any new devices. I said yes, a Kindle Fire. He informed me that whoever was using my account most likely came through the Kindle and gained access to our network again. Most likely the same person. I immediately added a security suite to the Kindle. The tech said that it was basically an android device and was the most hacked OS of all. He sent me back to another customer support member and she said that it was impossible to "clone" an iPad unless mine was jail broken. This didn't make sense to me as it seems like you would be able to do things like cloning with a jail broken tablet or a laptop as from what I understand about doing this, you can run programs and other stuff you can't do with a normal iPad. She basically called me a liar and said that the charges had to be coming from my tablet. It really ticked me off, so I called Amex and filed another fraudulent charge. When I did this a second time my tablet became useless as it would not update apps, download purchased apps, or accept gift cards. This time I thought of my own solution. I immediately went out and purchased a new cable modem to change my MAC address. This stopped the fraudulent charges. Now the only way I can buy an app is with a Apple Gift card. I also recently discovered that I have a Facebook account, one that I do not want nor create. I'm still waiting on Apple and Amex to either close the case or most likely make me pay the bill. I still think it's either a situation where my tablet was cloned or someone at Apple is possibly abusing my account. I asked the same customer support member that if my iPad 3 couldn't be cloned, then how do I know that it's not someone at Apple making these in-app purchases. She said in a very snotty way that Apple would not hire someone of this type, plus they don't have access to my information. I called BS on this and she hung up on me. I would turn off the in-app purchases under the restriction section in the General section while these charges where occurring only to go back and see that it was turned back on. It's like someone was remotely using my iPad and buying in-app purchases and creating a Facebook account.
I did do some internet research on this issue and I found a site that basically walked me and anyone else through the process of cloning using scripting to get all of my tablets info including my MAC address, router info and SSID, as well as the model number, serial number and IP address. If the person doing this is located 40 miles from me, how can they use my IP address, and router? So it really tics me off that the customer support person basically said it was me doing this at 1:00 am and 3:00am when I was in bed and the purchases where no doubt coming from the device I'm currently using.
I've long been a fan of Apple products and have never had any issues until this mess started. I have a brand new 13' MacBook Pro still in the sealed box. I also was planning to get a new iPhone but If they don't fix this issue, I'm sending the MacBook back. I'm waiting for a resolution from Amex and I have a credit card I got with a $500 limit to put on the account to buy apps or whatever.
So with this very long explanation, is it possible to clone an iPad, MAC address,SSID, and use my IP address as well as my Apple Serial number?
