What is iCloud DNS Bypass

iCloud DNS Bypass is a way of hacking iPhones. I have no idea how this happened on a phone that you purchased directly from Apple unless you jailbroke it. Start by restoring the phone to factory settings and do not restore your backup-->Restore your iPhone, iPad, or iPod to factory settings - Apple Support

I’ve intermittently gotten this for years, a few times many years ago on my Dad’s iPhone 4... but now it has reappeared and sporadically happens on my iPhone XS, brand new, purchased from Apple.

It is a very concerning issue, I’d love some more knowledgeable people to comment on this. Is it a potential carrier related exploit? I’d be curious as to what your carrier is OP, I’m on Vodafone in Australia.

This started today on one of two iPhone 8's. The afflicted one running iOS 12, the so-far-OK one iOS 12.1. Both phones are with Vodafone, and additionally connect to a Vodafone mobile broadband hotspot for WiFi.

Nervous.

I got this today on my Vodafone connected iPhone Xs. NBN went out, so I connected my MacBook Pro to the iPhone's hotspot. Got the iCloud DNS Bypass pop up window.

Disconnected and reconnected a few times, same thing. Reset phone's network settings, rebooted Mac, eventually it stopped happening.

I just had this pop up this evening. Android, Vodafone, Australia. I was using my hotspot last night without a problem and all I've done since with both my Macbook Air and my phone is work. Nothing dodgy, no new downloads.

It's hard to believe there are so few articles around on this and what it is. I've scanned both devices and found nothing, so is it some elaborate MitM attack? I'm sitting in a cafe where I don't usually work from...

I think it’s safe to say the recurring theme here is Vodafone Australia – not any specific phone and not even always Apple devices. Therefore I think the next logical step is to bring this to the attention of Vodafone as it seems to be an exploit/dodgy activity within their network.

What would be the most efficient way to contact them about an issue like this? Anyone have any thoughts?

I think in the context we're all talking about here, it's more likely an Evil Twin attack: https://null-byte.wonderhowto.com/how-to/hack-wi-fi-stealing-wi-fi-passwords-with-evil-twin-attack-0183880/

There's no evidence of any infection on any of the devices.

While that is possible, I don't want to go into any details about the purpose of DNS bypass with regard to iPhones. But it's purpose is to direct the phone to use a DNS server that will redirect the phone to a bogus sites. The simple way to check is go go to Settings/Wi-Fi and check the value of the DNS server. It should be the same as the IP address of the Wi-Fi network. If it isn't the DNS settings have been hijacked. This can be the result of a hacked Wi-Fi router. So the first problem is to fix restore the router to factory settings. Better yet, through the router away and buy a quality one.

Hi Lawrence, I understand what you are saying and it’s been the common response when this issue is reported elsewhere.

In this case though, there is no Wi-Fi router involved, the “router” being compromised seems to be the Vodafone Australia network. I’ve never encountered the issue when connected to Wi-Fi.

My iPhones – this has happened to me on multiple devices – have never been jailbroken and have always been purchased direct from Apple or a Vodafone store. The only common theme is the carrier. For what it’s worth, a full factory restore does not resolve the issue.

I am seeing the same thing. We have a Fritz!Box router connected to the internet via Vodafone AU mobile broadband modem and it regularly caches a bad DNS entry for captive.apple.com of 78.109.18.184 which is the site hosting the bogus "iCloudDNSBypass"captive portal web page. It first started on 15 April and has been happening more and more frequently and now happens multiple times a day. The router needs to be rebooted to have the bad DNS entry removed. Very annoying.

It is very interesting to see this support thread and it seems everyone is a customer of Vodafone Australia. I will contact them. Please also contact them if you hit this issue and you're a customer of them also.

Similar from 2017: https://discussions.apple.com/thread/7409479

And on Whirlpool: https://forums.whirlpool.net.au/archive/2778352

I'm also getting this message sporadically, and it's concerning. I'm using an Android phone as hotspot, also with Vodafone in Australia.