Apple Intelligence now features Image Playground, Genmoji, Writing Tools enhancements, seamless support for ChatGPT, and visual intelligence.

Apple Intelligence has also begun language expansion with localized English support for Australia, Canada, Ireland, New Zealand, South Africa, and the U.K. Learn more >

You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

📰 Newsroom Update

Voice Memos update brings Layered Recordings to iPhone 16 Pro and iPhone 16 Pro Max. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

What is iCloud DNS Bypass

I just connected my MacBook Pro WiFi to my iPhone personal hotspot, and an app window appeared telling me I was now using iCloud DNS Bypass Server ... Little Snitch showed it wanting to connect to captiveagent, Captive Network Assistant, and identityservicesd.


Google shows iclouddnsbypass.com as a site which may damage your computer.


FWIW my iPhone has Find My iPhone enabled and it was purchased new, unlocked from Apple Store by me.


I see this issue was posted in 2016 and supposedly router-related.



https://discussions.apple.com/thread/7409479


Posted on Jan 23, 2019 2:07 PM

Reply
Question marked as Top-ranking reply

Posted on Apr 16, 2019 4:51 PM

iCloud DNS Bypass is a way of hacking iPhones. I have no idea how this happened on a phone that you purchased directly from Apple unless you jailbroke it. Start by restoring the phone to factory settings and do not restore your backup-->Restore your iPhone, iPad, or iPod to factory settings - Apple Support

Similar questions

23 replies
Question marked as Top-ranking reply

Apr 16, 2019 4:51 PM in response to Thunderclutch

iCloud DNS Bypass is a way of hacking iPhones. I have no idea how this happened on a phone that you purchased directly from Apple unless you jailbroke it. Start by restoring the phone to factory settings and do not restore your backup-->Restore your iPhone, iPad, or iPod to factory settings - Apple Support

Apr 16, 2019 7:28 PM in response to SnowLeopard448

Other than only happening once, my case is the same as for SnowLeopard448: iPhone, purchased new from Apple, NOT jailbroken, connected to Vodafone AU, used as a Personal Hotspot, connected to my MBP.


I don't think izazael is correct here. My MBP simply connected to my iPhone HotSpot, as it has done may times before, and there was no prompt for a password.





Feb 8, 2019 3:36 AM in response to Thunderclutch

I’ve intermittently gotten this for years, a few times many years ago on my Dad’s iPhone 4... but now it has reappeared and sporadically happens on my iPhone XS, brand new, purchased from Apple.


It is a very concerning issue, I’d love some more knowledgeable people to comment on this. Is it a potential carrier related exploit? I’d be curious as to what your carrier is OP, I’m on Vodafone in Australia.

Mar 21, 2019 12:03 AM in response to Thunderclutch

I just had this pop up this evening. Android, Vodafone, Australia. I was using my hotspot last night without a problem and all I've done since with both my Macbook Air and my phone is work. Nothing dodgy, no new downloads.


It's hard to believe there are so few articles around on this and what it is. I've scanned both devices and found nothing, so is it some elaborate MitM attack? I'm sitting in a cafe where I don't usually work from...

Mar 21, 2019 12:21 AM in response to izazael

I think it’s safe to say the recurring theme here is Vodafone Australia – not any specific phone and not even always Apple devices. Therefore I think the next logical step is to bring this to the attention of Vodafone as it seems to be an exploit/dodgy activity within their network.


What would be the most efficient way to contact them about an issue like this? Anyone have any thoughts?

Apr 16, 2019 5:09 PM in response to izazael

While that is possible, I don't want to go into any details about the purpose of DNS bypass with regard to iPhones. But it's purpose is to direct the phone to use a DNS server that will redirect the phone to a bogus sites. The simple way to check is go go to Settings/Wi-Fi and check the value of the DNS server. It should be the same as the IP address of the Wi-Fi network. If it isn't the DNS settings have been hijacked. This can be the result of a hacked Wi-Fi router. So the first problem is to fix restore the router to factory settings. Better yet, through the router away and buy a quality one.

Apr 16, 2019 6:29 PM in response to Lawrence Finch

Hi Lawrence, I understand what you are saying and it’s been the common response when this issue is reported elsewhere.


In this case though, there is no Wi-Fi router involved, the “router” being compromised seems to be the Vodafone Australia network. I’ve never encountered the issue when connected to Wi-Fi.


My iPhones – this has happened to me on multiple devices – have never been jailbroken and have always been purchased direct from Apple or a Vodafone store. The only common theme is the carrier. For what it’s worth, a full factory restore does not resolve the issue.

Apr 17, 2019 4:14 PM in response to Thunderclutch

I just received an email from Apple saying my post was deleted because of "questionable advice" ~ I cannot understand why because all I was suggesting was that if you are encountering this issue you should check what DNS servers are shown on your devices.


I also noted that if you type in the URL at the top of the image in screenshot in the original post you will be taken to the URL shown at the bottom of that image and you will see exactly that page shown in the screenshot . What I - and I guess other people - saw is the interface page for the "iCloudDNDBypass" app which mimics iOS settings screens. It doesn't mean that we've been hacked or infected etc, just that for some reason - possibly related to Vodafone - we've been directed to that page.


Apr 17, 2019 4:27 PM in response to Lawrence Finch

Thanks Lawrence, that makes sense.


BTW I just found the following on the iCloudDNBypass web site (in the usual bad English):


Apple fixed exploit used by iCloud DNS Bypass


Server worked during last half year thanks to exploit that Apple didn’t fixed long time. Apple developers just forgot to add letter ‘S’ to HTTP url that brings as to help page. It allowed to redirect page to iCloud DNS Bypass. But now Apple fixed it to HTTPS, what means it become encrypted and impossible to redirect anymore. No longer works on all iOS.


I have work at great features that now become impossible. If apple didn’t patch exploit, than you would receive full featured offline mode with ability to open photos, videos, music, books from device memory.


He then goes on to invite you to use another app/technique which has limited functionality.


So we have nothing to worry about, aside from the usual corporate policy of "never inform, never apologies, never explain."

Apr 26, 2019 5:04 AM in response to Thunderclutch

I am seeing the same thing. We have a Fritz!Box router connected to the internet via Vodafone AU mobile broadband modem and it regularly caches a bad DNS entry for captive.apple.com of 78.109.18.184 which is the site hosting the bogus "iCloudDNSBypass"captive portal web page. It first started on 15 April and has been happening more and more frequently and now happens multiple times a day. The router needs to be rebooted to have the bad DNS entry removed. Very annoying.


It is very interesting to see this support thread and it seems everyone is a customer of Vodafone Australia. I will contact them. Please also contact them if you hit this issue and you're a customer of them also.

What is iCloud DNS Bypass

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.