MDM on personal iPhone - Businesses, unauthorized developer activity HELP!

EllieDolanStl wrote:

Any advice? I can’t trust anything.

This sounds quite serious so here's my 2 cents.. It's not possible to know what's going on with just the info you provided and anything's possible, but for starters, I do have a question about your statement "They are constantly in my iCloud account doing things like disconnecting my eSim, leaving creepy photos of me". Leaving creepy photos is a fairly uncommon thing to report in these type situations and such an occurrence would no doubt be very creepy. Can you give any other info on this? Are you absolutely positive that you aren't taking the pictures on accident, or moving a file to another location and not realizing it? Have you considered the possibility of medical illness which may make you forget certain actions that you yourself are actually responsible for? Remember it'd be impossible to know unless you do something like set up a camera to record everything for later review. Do you have any reason to believe the government keeping tabs on you? Have you ever done anything that may have been perceived as a potential marker for terrorist activity? Visiting extremist websites, participating in discussions, or share a home network with anyone who may have done something to that effect? Regardless of your own personal beliefs or reason for viewing such content. For example did you have some school assignment related to terrorism and visited a few too many websites in your studies? Consider your value as a target to a state-sponsored actor or any individual..why would they want to do something like this to you? If you can't find a reason like for example you're a high net worth individual, an activist, a potential extremist, you had lots of jilted lovers, etc., then the alternative may very well be that you are mistaken and your brain is understandably misinterpreting things that may be fairly ordinary events as a response to some legitimate things you witnessed that evidence some network intrusion you've suffered.

Take for example the other part of "they are constantly in my iCloud account doing things like disconnecting my eSim". There may very well be a problem with your eSim it could even be hacking related but your eSim and your iCloud account are not of much relation to each other. You may be observing certain events and misunderstanding what is actually happening. It's not going to be possible to know from the info you can provide via this forum but I am fairly certain you are misunderstanding some things and are describing others that are clear evidence of a problem. Knowing the difference can be difficult and is nearly impossible when you yourself are the victim.

Now what can you really do about it? Change all of your passwords to everything and write down your updates on a piece of paper. Then sign out of all your accounts everywhere. You need to take all of your bluetooth and internet capable electronic devices and all files you own and disconnect them from their power source then safely store them for some distant date for possible data recovery or investigation. Contact your mobile phone company somehow like in-person at the store and cancel your phone service and store your phone as well with the rest of the hardware. Physically disconnect all batteries. Be sure you've purged everything for a period of time like a few days to make sure. Move away from any compromised devices outside your control. Purchase new devices once safely away from all other potentially compromised devices and set up new accounts including email. Do not use cloud services to store data. Do not use suggested passwords, eydfcrare too quickly cracked and only provide the illusion of a secure password. Passwords don't need to be extremely complex or overly long, just slightly more complex than the typical suggestions. Minimize exposure to networks and networked devices as much as possible.

This will probably help you but for most people it's nearly impossible. One important thing is that once a device has been compromised there is often nothing that can be done. Maybe this is why you've encountered such little help bout all this. After all, what do you want them to do..give you new iPhones and MacBook Pros?

But really at the end of the day what are these people getting from you? Have they stolen your money? If not, well then your privacy was never really promised anyway. It's the internet, it's inherently insecure. Security is often times severely lacking and falsely claimed so unless you have invested the time and resources to create it and are aware of limitations, it doesn't exist. The lies companies will tell you about the superiority of their products are only lies if know the truth, which few people do and when they learn it it can be shocking and disillusioning. Panicked responses typically makes someone stand out from the crowd and then victim to ostracization.

Could you share the Bluetooth connect script? I’ve seen many connections using a rogue hotspot and Bluetooth. Same thing since 2021. Likely is someone you know and they own a MAC computer.

I have been going through this type of situation for 2 years 8 apple ids 3 carriers

3 brand new apple devices and one Mac Pro all infected the same way . I have tried everything once I put my name and dob in device it’s a dead ringer I cannot stop sharing with note or home. But I’m sure if all the users with the same problem can get help because as consumers we have rights

I’ve found several hidden devices. If it’s the Hidden MDM, it does geo fencing and scans your network for any new devices. It appears they can get into network once MDM is installed, it sends a beacon and it searches for serial numbers. Contact IC3.gov as they (gov) are trying to get rid of the MDM due to security issues! Also, Apple keeps a record of all devices that access your devices, although you will likely need a subpoena. I’ve read a sheriff can issue one. You will need supporting documentation.

I thought I would run out of space, so continued. Show recent “in the news”attacks on IOS and other devices, this will help with local authorities to understand this is a huge issue! Look at Wiggle dot net, this will provide network activity, the source, connectivity (bluetooth, Wi-Fi and so on) and if you create an account, a must, your specific data. You will likely see a spike in network activity. I was most surprised to see the volume of Bluetooth activity, unaware that one BT connection could attach to and take over 8 devices! This started after unplugging my network, with help from the hidden hotspot, and I found several things in my home, Wi-Fi connected smart bulbs, altered door bell, more. The Wi-Fi must be on for detection. And in my car, it must be moving prior to detection.

if you suspect someone, you are likely correct. I’m almost certain the first MDM must be installed locally, with device in hand. After the first install, the rest can be remotely installed. BTW, there are methods to look at more data on the device, I’ve not tried it, but it requires a working device and Intune (I think).

Id also try to ask the person you suspect if they are doing it, and request them to stop before taking it further, if you care about this person. The subpoena will tell you who/where/when, then a lawyer would likely be required. Or you could get a restraining order. I don’t want to cause harm to the suspect, and I’ve already been told the who/where part. In addition my nieces Apple account was on one of the missing iPads! So if someone is within or around your network I guess they can install on other devices within the designated area? I’m really not certain exactly how her Apple ID was compromised? It had my account on it. And worse, some installed malware contains other bad activities, of which I have no way of knowing which malware is doing this or how. WiGLE dot net shows some info on this. They can also completely control your phone, (and email), block phone calls, make phone calls with your number, using accessibility apps, switches, any number can be added and make and receive calls (if you find your phone not working). These calls will show up in history under FaceTime, but when you look, history is quickly deleted. There are other apps that do this as well. Unlike years ago, when spoofing or faking a phone number, this allows 2 way communications! I suspect they could receive authorization codes as well. My screen has shown “a new iPad/phone” has been added to your account, but they don’t show under devices. Once or twice I saw the missing device listed, called Apple, they “untrusted” it, but the individual called support the following day and added it back!

Printers tvs phones laptops , routers, Chromebook tablets. You car!!

Anything with wifi or Bluetooth. My ex added me to his business cloud and created fleet device management. I can’t get away from it. I have no money to keep replacing devices only to have them reinfected within day or days.

This tech is being used to abuse other people it needs to be fixed so it can’t. It’s being used maliciously as much as it is for legit business purposes. :(

apple help us in Canada. We have no cyber laws!

Add me to the list. My suspect has two businesses and I suspect I’ve been made an employee; workspace accounts I don’t have. Google chat I don’t use. iMessage for business. Contact your administrator. Devices restricted to only using data turn in Bluetooth or tethering by themselves. Some have even switched to wifi on their own. Desktops iPhone laptop Chromebook kindle tablet printer. Even my headphones want to connect to a Bluetooth headphone device that nobody here owns. Sometimes it’s it unconnected by tablet and the prompt to pair with unknown device appears.

3 years, 14 phones, 3 laptops 3 routers, two printers, and a smart TV.

we are not crazy. We need help from authorities. Apple needs to be help accountable; when I request a super call they are blocked from calling me and still there’s no problem?!

I’m from Canada. No cyber laws. Police called me delusional. Avoided my reports. Refused to investigate. I page to hire a PI at the time of about 5g if ever want this to end. I’ve been told by a woman’s abuseOrganization is the only way to get a personal stalker because of the above statement; no knowledge or laws for cyber security and victims of these crimes. It’s someone we know. Especially if no random and just torment.

i have been at this going on three years, boxes of paper and 3 harddrives off laptops that have all this. they are safely stored. the current desktop has it too with a twist... i have no microsoft account but the computer is running an insider copy of windows and so is my hp laptop. i did not do this and cant get rid of it without the email and password i dont know!!!

i also have xbox live, gamebar credentials that get loaded back every day! i have keystroke recorder and today guess what? ... i can type online but the keyboard stops working if i try to search the computer!!!!

I’ve been dealing with similar since 2019. However I had a group of high tech hackers move in next door.

I’ve called in/went into the provider store too many times to count regarding this “MDM” issue and many of the things you’re dealing with and have been told that yep I can’t be hacked but if you search online with words “hacker placed men on my iPhone”, or “iPhone hacked”, you’ll find legitimate tech sites showing that apple knew about the problem back even as far as 2015.

There is also the issue of some using Microsoft Azure to do some control but if you go onto your Apple ID and search for system status then look for developer status, you’ll see if you’ve been linked to Apple’s business software or schooltime etc. you may get lucky and be able to click and see exactly the developer that is connected to them. That may help.

You guys are describing, almost exactly, my life for the last two years. I am not in IT but have worked with computers for my career as an artist and let’s just say I’ve been on a Mac since the the first Macs were out and I drove my Mac IIci to college and I’ve bricked and rebuilt more OS’s than I can remember. I have so many screen shots almost identical to the above and the settings toggling back in front of your eyes! Ha! People do call you crazy. I’ve wiped these machines and bought new ones. I’ve been told “it’s not possible” and then had Apple days later push major OS updates (remember the huge Webkit update!) I also have theories as to why money has not been taken, although it’s possible there hasn’t been the opportunity to steal a large enough sum. But moreover I feel it’s probably tactical or botnet.

Thanks for the tips. I would add that I can reiterate that I’ve found that our printer has always been implicit whenever we get it back online. Fancy new routers have not changed the situation. Samsung smart TV browser catch will always fill back up and eventually CPU will fill up. Apple senior advisors have told me that they can only help me with as much as they are trained in doing. I have escalated to engineers but it was beyond me which are the correct logs that are the “smoking guns” and furthermore I started to feel like they string me along as their research animal. (Free Apple bounty?) Now I can also vouch for above mentioning of IOkit, SDK, WebKit, AppStore Connect, use of Game Center and Health/Apple Watch, etc, But there have been at the point of all new Apple ID’s, unfortunately I have one member of my family who needs to have their computer reset by a corporate entity each time so the method above seems unattainable if everything needs to happen in lockstep. We had come very close to resetting every device all at once a year+ ago, but not to the DFU level and not to mention firmware of every other mfr.

also want to note that to me (very abstractly) basically all XCode dev stuff all goes back to IOkit stuff (Spotlite helperUtility is the real brains) , and it’s in the CFBundle (your lovely bad Certificates that allow you to let the floodgates open in any web browser- it doesn’t matter as far as I can tell, and also WindowManager because like DarkAqua and FauxDark Aqua, we know you’re supposed to be there but you are complicit right, parent proces - ???). Watch the SQLite databases for everything. I wish I could read it all and figure it out. (although it’s very MDM to slow updates… regardless) there is a propensity to keep everything legacy or roll a few things backwards, like having to manually update every app and OS, (sort of a version of classic ‘slowly gaining permissions’). I’ve found old modern scripts (sometimes supposed to be there) but then seeming active and logs of ACP (affordable cable-my address is not enrolled), and old firmware on our devices and Mac address changes on our LAN, and really the craziest things.

Anyways thanks for the validation. I’m coming close to the full DFU resets and new Apple Id’s. IDK if it was mentioned, but there is a good help page on Addigy’s website about briefly disabling SIP (system integrity) and the correct terminal commands to wipe any previously existing MDM programming before reenabling it. It might be a good step before the DFU reset or (in my case) between DFU resets!

T3ddy19 wrote:

It does not remove it from your iphone. A subpoena tells you who/what/when/where. Based on state, you might be able to get a subpoena from the sheriffs dept, or DIY, I don’t recall saying court? It’s not taking someone to court. You could get a restraining order (and request removal). The details would show who installed it.

All of that is pointless if you don't know who installed...whatever it is you think was installed.

I was also not aware Siri could do such things, I tried it myself with no results, but the search showed in history? And, Siri does provide web searches, since it was done, yes it can if you have the skill.

No, you can't.

what helpful info have you provided on how to remove the MDM?

Start here:

Install or remove configuration profiles on iPhone - Apple Support

Or, do this:

Restore your iPhone, iPad, or iPod to factory settings - Apple Support

I thought you requested help, as others have.

I most certainly don't need the type of help you do.

You shouldn’t be looking at or digging into Apple devices analytics when you have zero knowledge on what it really means.

Multiple types of Digicert root CA are normal per Apple. See List of available trusted root certificates in iOS 16, iPadOS 16, macOS 13, tvOS 16, and watchOS 9 - Apple Support

Look into: Monitoring the user's proximity to geographic regions | Apple Developer Documentation

and subsystem responsiveness from system diagnosis

_com.apple.SpringBoard_com.apple.UIKit_ com.apple.app_launch_measurement.com_apple.camera.signposts_com.apple.signpost_emitterÑ_kSTYLatencyThresholdInMs#@@ÐÑÐÑ

èѸ+=`}š¸ÁÂÅÈËÎÑÔ

The MDM (or mine anyway) installs a MANAGED Wi-Fi hotspot. That will over ride your hotspot. I was glad to see these postings, as I’d never seen anything like this before. I had an MDM installed on my windows PC on another hospital visit. Found vender name, called them, they removed it right away. But it was not as destructive as this one. How horrible someone is doing this to you after you lost your husband! But he could not fix it either. It would have to be removed by installer (likely someone you know) or Apple. And Apple won’t support this Apple developed app! Reformatting, buying new devices, useless. It gets on everything, Windows, Android, Google, router and more. What it can’t do, it downloads another hidden app to do. I’m trying to collect everything to remove from my home, but I can’t tell what “everything” includes. I also read it can be set to prevent scanning apps for Bluetooth, Wi-Fi and such. You have to buy another device for that (with no Wi-Fi). The State Department of Justice and FBI is interested, send info to IC3 (dot gov).

The first install has to be hands on, after that, all can be done remotely. So, if someone knows your PIN, it only takes minutes. It’s likely someone you trusted very much. And, many of the key-loggers that are often used (found one on mine) often contain more malware.