MDM on personal iPhone - Businesses, unauthorized developer activity HELP!

Sadly, there doesn't seem to be any help and the ones that will respond, will tell you you are either crazy or you can't be hacked unless you have your device to someone.

For what it is worth I have been dealing with this and here is what I have learned; you need to delete your old apple id's and confirm that they are deleted. You may not be logged in to any (neither was I) but it has something programmed into the IOKIT boot so you cannot reset the NVRAM properly, leaving find my process to look as if the activation lock is on.

Make appointments for each apple product to have a firmware/software update through DFU mode and make sure it is DFU because a factory restore will not remove the cache that is lingering in the files. This should all be done at the same time otherwise it will talk to the other device and reestablish itself.

The factor reset you are doing doesn't work because it does not empty the trash and it seemingly blocks any terminal command to do so as well.

Before you boot up your computer(s) & phone(s) delete and confirm you have deleted all of your previous apple id's. Write down the code it provided to delete the id because chances are you will have to call to

confirm its deletion.

If you have a google ID, check to see if you are enrolled in any trial based workspace or fire base programs. Workspace allows device control as well.

I have changed our TV's and printers but it still seems to latch on to any printer so now we do not print. Debilitating to say the least.

I believe that there are enough of us out there to confirm that this problem exists but apple will not respond until they have fixed it. I know it sucks. Two factor everything and I wouldn't suggest any external usb or thunderbolt security keys.

I also would not suggest any products other than apple. That will only make your situation worse.. even the keyboards because it will load a generic driver onto your device. Only use apple wires as well. I am definitely not an apple advocate, only sharing what I have come to accept and learn.

You may have to go line by line in settings on your iPhone to turn off everything that you do not use and if there is an arrow on it, click to make sure there is not an opportunity to bypass your defaults. The Mac computer is the same and there are probably about 100 Plists that will try to alter your default settings so do not take anything for granted until you have clicked through it all. Plists are just preference and apple will tell you that it does not mean that they are being used. That is absolutely correct but the Plists I have seen start with NVRAM and a fmm (find my

mac activation) which is huge problem.

for whatever reason it uses nfc and mdm BUT mdm does get removed later on during the process. It keeps respawning. So it isn't necessarily MDM as much as it is trying to be so I presume that there is some detail in the MDM program that helps it get what it needs.

The shared cache you are seeing is at best guess, all of the info it has collected on you and will keep looping together. This is just a guess but I have been watching it on mine as well. I could 100 percent be wrong but I believe the cache is what keeps this process communicating between devices.

There are enough of us out there with this problem. I am sure that we have a common thread but I have no idea what it could be. I just know that no one is going to help me or my family and I am just going to have to do my best to keep my kids safe.

I could bring a new computer into this house and within ten minutes watch it try to harvest my old apple ids, while Bluetooth sniffing and try to connect to something nonstop. Eventually, it gets back in and the new id becomes corrupt, I delete it and start again hoping the last apple update resolved this issue. Two years later and I am headed back to the Apple Store today to pick up a couple of devices.

I wish someone had better news for the both of us but this is the best advice I can give you.

i have been researching and digging for almost 3 years on my own. no one believed me and after proving it they just did not want to hear about it. i know this is apple site but this is my 7th phone but first iphone the other 6 were android. the common factor is root installed and radio access tech or RAT which is also remote access and that is used too. next is api restful api to be more precise which can come from multiple areas. i have matched api, root access, mdm, iot, bluetooth, to every device. microsoft azure, visual studio, googleapis, enterprise, yahoo, facebook, and many more. facebook is the most seen on phone but my desktop is all microsoft. i have used windstream and spectrum and both routers were taken over as well.

get a network analyzer app and you will literally feel your mouth fall open at what you find. im on a loopback completely separate from every other device. i have dns that make no sense.

we need to get together and fight this!

You know, that is very condescending of you and quite unhelpful.

I have a pretty solid understanding of Tech as Exec in charge of a corporate technology and you don’t even need to be…

How about you explain this?

• my WiFi connected stove, fridge, door bell, vacuum robot, etc. they run up between 10 and 20 GB traffic (each!) every month.
• my router seems to to a DNS spoofing to Russia and back
• As soon as I enter my house, my ipad and IPhone ask for my google account credentials (with WiFi off)
• bluetooth devices show up that are in the drawer since months or years and not connected (HomePod, Apple Watch) and… not just show as device visible they show as device connected.
• Game Center switched on again out of nowhere.
• Apps suddenly synching to iCloud that had been set not to sync
• same device suddenly showing twice in screen time

…. I could go for quite some time.

had this identified ca. September 2020

forget about finding someone to help. It‘s either totally targeted and most others are paraonid (like i could be too, right?) or it‘s too toxic too make known - for Society as we live and know the world not possible to digest. Panic, unrest, etc.

Wow! I am glad I came across this tonight. I have been dealing with this since March ‘23. My windows, Mac and Linux PCs are infected. My iPhone 13 Pro (typing on) , Google Pixel 6 pro and Samsung A13 android all infected. Every day I get more and more information. I signed up as an apple dev so I could install iOS 17 on here. The analytics data has been great. It is causing a lot of the processes to break and automatically create bug reports. That’s what I am out researching tonight. I have created new iCloud accounts, google accounts and stopped using WiFi / Bluetooth and it doesn’t matter. They even were able to take control of my Infotainment / GPS system in my 21 Audi via Bluetooth. That was witnessed by the sheriffs department. I have been compiling Ip addresses and tons of documents and giving to the cyber unit of the local FBI office as well. The only thing that helps pause the flow of data and monitoring is by disabling the SIM card temporarily(which I have also went through multiple sims).

Some of the common recurring exploits I have noticed on my devices:

iPhone / Mac:

• iokit exploits
• mdm policies
• proxies and tunnels (hidden)
• . Look for cloudflare tunnels
• firebase app attacks
• socket streaming
• hidden apps

Android:

• device policy (mdm)
• VPN hijacking
• DNS hijacking
• Google Play Framework / Services Malware
• Very high data usage ( almost 200gb / month) when before it was maybe 10-15
• Remote Config and “Google/Samsung ” system apps that are forgeries (Due to leaked App signing keys. Google search it)
• nearby device sharing and uwb

Linux:

• pam elevated permissions exploits
• pipewire, alsa and avahi exploits
• Firmware / Bios malware injection
• dbus socket exploits
• dns highjacking
• wifi bt control with overlays to hide connection

Windows:

• Lsass elevated exploits (Microsoft finally released a security update to address it with 22H2
• group policy and domain join enforcement (personal computer)
• Bios / efi exploits. Microsoft just released a partial security update but you have to activate it manually
• sfc /scannow is your friend from a admin cmd prompt
• nearby device sharing
• print server exploit

The iPhone and Samsung have never been rooted yet they have root cmd line access.

The bad thing with all these devices is as soon as you factory reset or wipe (even complete reinstall) the first thing all these devices want to do and do is turn on your radios(WiFi bt nfc) and search for nearby devices. Someone previously in the thread mentioned infected Roku printer and other iot devices spreading it. I can confirm that is what has happened to me after resets many times.

Sorry for the dump of info (even non Apple related) but this is obviously a bigger problem than companies are willing to admit right now. They are all interrelated though based on WiFi, BT NFC and the radios that our devices have, as well as, device sharing, sync and backup. Something needs to change. I mentally can’t keep living this nightmare and second guessing my sanity.

I applaud apple on making their own chip though because they didn’t (yet maybe) have the Exonos exploit from a couple months ago that allowed full device control with someone just having your phone number if you had WiFi calling enabled. It didn’t even make the news. Samsung still hasn’t released the fix for my a13 months later

I am going through the same struggle. You were probably not actually on a phone call or chat with the legitimate Apple support, usually when you contact you will get a confirmation email of your contact. I also got elevated to the “Senior Technician” and I got suspicious and started asking questions and he hung up. That was from a “chat” and then the person typing said their supervisor would ring me straight back. Another time I was calling the correct number from my iPhone using the legitimate Apple website number, she asked for my AppleID and then tried to get me to screen share (did not ID me other than my email address) so I hung up.

I ended up taking in to the Apple Store my devices which were reset but it hasn’t resolved. From what I have pieced together it has been active for at least a year on my iPhone. The updates have not solved anything. I have never run anything non genuine on it and it’s always been keep updated. Tonight I captured my MacBook Pro kernel launching a buffer overflow to one of the Apple Devices.

I have also had the battle of the off and on settings, although it hasn’t happened on the iPhone in front of me as soon as I close Settings it changes it back.

Unfortunately until more people start kicking up a fuss we are on our own. I’m stuck with thousands of dollars worth of new Apple products that are not in my control.

Continued...

To be perfectly honest, you do sound a bit paranoid and are drawing any number of wrong conclusions based on your observations of and lack of technical knowledge of various things but this is normal and an expected response to legitimate concerns that you have based on what you yourself have witnessed. It'd be useless to attempt to go back and align your experiences with the exact reality of what occurred and verify everything as being legitimate or not-relevant/mistaken as you are surely wrong about a certain percentage of what you believe you are witnessing possibly thanks to ordinary human paranoia. Almost everyone making similar claims has however observed something that is genuinely malicious but again it'd be fruitless to attempt to go back in time and pinpoint what exactly you've witnessed. I believe you though that there are nefarious forces at work causing your distress.

I myself have encountered things that at the time were difficult to understand and caused me noticeable distress. I just quickly learned to limit the extent to which I allowed any of that information to affect me.

You can waste hours days weeks months years trying to figure it all out...and if you do who has really won? It isn't you. You can't win. There is a battle going on every millisecond between the good and bad entities that comprise the internet. The problem the good guys can't destroy the bad guys since vulnerability is inherent to communication. You can't really have security and connectivity. When you allow for two endpoints to communicate you are decreasing security in some way to allow it. Just like being a part of society exposes you to the risk of biological viruses but people still want to live in big cities. They don't choose to hide under rocks or behind masks for all time.

You can win by taking back your time the ability of these things to phase you and rob you of your time and well being. However you do that, but let me tell you it isn't by reporting your findings to the FBI. If they wanted or needed your information, you'd know. Until then, don't waste your precious time..it's a finite resource. Let go of the belief that you are entitled to some level of security that would ensure privacy. They notions were sold to you as a very effect marketing campaign, but they never actually existed. At least not in the form you believed in, even though so many are so convinced they are tangible things..as if they're so real you can hold them in their hand.

Unfortunately there is a huge potential for unitized root certificates, especially if victim of said crimes and occurrences. Unfortunately both Apple and authorities have left many desperate, know they are being stalked by someone they know, have no choice but to self learn to try and protect something. To attempt something to stop it.

kinda harsh and I’m sure your initial response would be different if it happened to you.

Sincerely,

3 yrs personal cyber stalking attacks and impersonation from stolen account credentials.

I’m a former Global Info Sec Manager, certified. I can’t get my hand on the needed tools to even get a peek inside, but I have many of the same symptoms. Check out “shortcuts”, there should only be a couple. If you click on the eclipse, you should be able to see actions, I had 87 at one point. Some brought back pics of the hacker, obviously to bother me, although back doors were opened, fraud, including fraud downloads from App Store that were hidden, an Apple feature. There is a site where you can see hidden purchases, and Apple provides info on how to view them, 2 banking apps, 2 remote control apps, 2 email “management” that deleted all of my email from 1 account that I’d had since the inception of email, more. All completely hidden. The download for the MDM showed up again, I attempted to download, but it said I needed Admin access. And when clicking on the MDM icon, it had an option to hide! There is a lot of JavaScript included. Like you, I also see regular activity to Game Center, Health or Fitness, Notes, Books and calendar along with many other settings that turn back on right after turned off. Mine are all personal devices, never Corp owned. You must have a Mac to install, at least for the 20 free licenses. And sharing turns on as well, this allows any device on your network to share certain apps, and it spreads software to Windows (including MDM) if you have windows, do a search on *mdm*.*, there will be over 1,000 files if it’s on there. If you have anything you want to keep, back it up on a usb drive, Amazon has a photo stick that will allow you to copy pics. There is an app that will create a zip file of contacts, but my email auto deletes a lot of email, even Apple Email. Search on DOJ MDM and antitrust, they mention the MDM on parental controls, but also other devices and it’s deemed a huge security risk. Report it on IC3.org, if it will allow you, it blocks me. Check out your scripts, see if it’s collecting recent data, such as calls, websites. At the bottom, it says something like search for apps, type either ssh, JavaScript or Script in there, see what results you get. It’s most likely someone you know that has a MAC computer and has access to your devices. I can collect data, and see what’s going on, but I can’t stop it. Oh, my router and firewall are unplugged, but it is still getting in, verified cell data, and it’s not there. It’s using a remote access tool, and has the “root” password? It is showing an internal IP address, not cell phone. But many ppl have the same internal IP addresses. But Bluetooth will turn itself on, on the first page of settings, or says Wi-Fi off, but when you select Wi-Fi, it’s on and green. It shows that it’s scanning the network for devices, indicating I have 22 and 22 were expected. It shows much more. But since it scans everything, you can’t add anything new without it taking over. I bought a small Amazon fire to avoid the high cost of another IOS device (I’m disabled and on fixed income. But it installed parental controls before I could set it up! Most security programs require Corps only. But I’m not a Corp, and someone downloaded it! I have a couple things in the works. If I could have a Windows PC, and a simple phone (at this point), I’d be OK, but the hacker will not permit it! 1.6 years to date. BTW, depending on where you live, you might be able to get a private eye or attorney then get a subpoena. Apple told me they have “real” user info, even if they obfuscate it. Then you could get a restraining order (or sue depending on what you find). It’s hard to track phone activity (they have spoofed my phone even to call Apple and reset passwords on everything. When you looked at Analytics, did you see scanning and counting? I’m not sure, but think it occurs when you reboot, I’d just reformatted again, a few differences, but it was on Wi-Fi right away. And 22 devices? Nothing is turned on or plugged in, I had to remove the Roku devices as well!

I had the “receive a message that I cannot use Messages for Business” as well! It’s at least good you only have 1 device. It does get installed on everything!

Apple keeps all data for 10 years, but they normally won’t provide info on this subject and will dispute evidence you submit. Although sometimes a rare representative will provide info.

Report this to IC3.gov, they are all over the security risks with the MDM, but your devices will prevent you from sending. Be aware that everything you say or do is monitored, and fake sites are common (go to another computer that is not yours then look at differences in pages), like no header footer data on web sites, no tool bars, no details on senders or fake emails.

There have been many attacks on Apple devices lately, search on NYC iPhone “rings” stealing iPhones, or Pegasus and iPhones.

My system settings change back right away as well.

I'm sorry you are going through this ****. I’ve never seen anything like this before. I was in Information Security for most of my life, but the Apple devices had just hit the market.

Ive been trying to “fix” it for two years and it gets worse, I even unplugged my internet! Then, a mostly hidden hotspot was added, the IP resolved to Apple! Come to find out, the MDM comes with the option of a Wi-Fi hotspot. It’s sort of hidden. Go to Wi-Fi, (with no Wi-Fi turned on) turn Wi-Fi on, then click edit, if you have one, it will show up as “managed” no option to delete. Inexpensive devices (under $100) are available on Amazon. It will detect Wi-Fi hotspot connections. This has also been used to track me in my car and break into my home.

I did suspect someone that I had been rather fond of, and kept hoping they would stop before taking further action. That has been foolish on my part. I’ve lost a lot of equipment, experienced fraud, spent $ on tools, new devices, “experts”, stolen snail mail, stolen iPads (I did learn who had the iPads), hacked home alarm, house vandalism and so much more! Oh, if you think someone has been in your home, they likely have (they know where you are) invest in a couple (or more) cameras that don’t use Wi-Fi or any electronic communication methods, as they will get hacked otherwise.

I’ve heard the Sheriffs Department will help (some will) and assist with a subpoena (much cheaper than an attorney). Some states allow a DIY subpoena, but keep data, like your changes (that’s hard to explain unless you make a video), and keep in mind, it does sound crazy! And try to use words a 15 year old could understand. The police are usually not information security experts, they have other big jobs to do. I’m a seasoned IT certified security pro, and most have looked at me like I have 2 heads. There were some YouTube videos on recent hacks and “rings” of ppl across the country, I think, look up NYC, WSJ, iPhones Attorney General. Also search on iPhone compromise and Pegasus, it also takes over devices.

Hey all, ironically I had this discussion bookmarked for a few months and never read it until now. As I read through, I hear the commonalities as I’ve endured for 3 years.

I hear the desperation of a basic essential right to privacy we all deserve taken away. We expect a certain protection of a Large and prosperous manufacturer of a personal product marketed and sold to us to protect us when their products work against us. As hard as it maybe to struggle with the frustrations of not being able to be rectified and the many challenges it has created for us, some person in our lives has chosen to betray us in someway, somehow.

It is very frustrating to look at our families and friends who know us better than anyone else and have them question our sanity when we share about the difficulties we’ve been facing and continue to do so daily. I’m guessing that most of you, just like myself, get triggered fairly easily by anything having to do with this topic and seeing it once again and feel so defeated and frustrated.

This thread that AgentDragonfly has started has added a great amount of validity to each of you, and myself.

I believe the support for others battling this issue can be of great help for people before their lives they’ve worked so hard to build, has been torn apart.

I certainly don’t have all the answers, but we all might have the opportunity or insight to remember the feelings of when it started for us, and where we are now in the journey of this season of confusion and uncertainty. We understand so much more than we did when it started. We may not understand how to fix it yet, but we can at least understand how it has made us feel so helpless.

I just wanted to share this with you as I realize how valuable this thread and other methods might be for the person that just had a device added unknowingly. They will more than likely be running and seeking answers immediately like we all have to only be rejected and referred to as having a mental health condition.

I apologize for my lengthy reply, but I couldn’t help it. Thank you for reading if you did.

🤙

AgentDragonfly appears not to have posted in this thread since April 4, 2023, over a month before you started posting here.

You will get email notifications if anyone posts in this thread. But, largely, the only person who seems to be paying any attention to you is me.

Girl I have been living this nightmare for nearly four years. I hear you loud and clear. Absolutely NO help and lie after lie. Try this MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. Very accurate and give you insight to how the attacks are happening.

Mine is through direct access remotely. Abuse of administration privileges from a prior Global admin, azure and google workspace. I have been documenting this from day one. Binders full of evidence, fraud, spoofing, malware, spyware and everything in between.

There is very little oversight to these web developers and MDM companies. The Big Tech Co’s sell your info to the highest bidder. Watch Social Dilemma. Very disturbing. Unfortunately, the criminal is protected and the victim pays dearly and suffers the consequences. If someone has access to your Apple ID which is Very easy to get nowadays it can be devastating to individuals.

I’m literally sick of the stress it brings on, the Mind F*** and the financial loss. It is a vicious circle and a living nightmare. Check your Apple App report and Apple analytics. Also check your VPN again. It will not be visible you have to click and click again to find it. Check IPsec see if you see a Cisco VPN.

Best of luck to you.

[Personal Information Edited by Moderator]

Correction, IC3.gov (on a different OC). Take a look at WSJ on YouTube, search on IPhone attacks, a ring of ppl (in several states) have been stealing iPhone data!

When they say you are crazy, ask them if they ever read? See Pegasus 2015 and forward. There are also scripts (37) that is C&C that will take complete control of your device! I also read (but not verified Apple now gets viruses 2 per 1 in Windows. Unfortunately, this is not a virus.