Apple Intelligence is now available on iPhone, iPad, and Mac!

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Exploited Device and Trust Certificates

Ive been trying to confirm whether or not my device has been jailbroken. I had a previous iPhone that was as a result of a hack (yes it is possible, iPhone was plugged into my MacBook when it was remotely hacked and subsequently crashed, then they gained access to the phone, eventually locking me out) so I purchased another one (secondary market..) and it is displaying similar symptoms.

I’ve done some research and one thing I cannot confirm (messaged apple back and forth for an hour, continually receiving useless links that are easily accessible, until they eventually said they couldn’t help me) is whether the Trust Asset Version (TAV), which is date related, correlates with the Trust Store Version(TSV)?

I have two phones one on iOS 14.3, TSV *** TAV 16, the other iOS 15.3.1 TSV *** TAV 16. Can anyone confirm that these two numbers do not correlate and that the TAV does not increase chronologically as the new versions are released?


Thank you for your time in advance,


J




[Personal Information Edited by Moderator]


iPhone 8, iOS 14

Posted on Mar 23, 2022 4:40 AM

Reply
Question marked as Top-ranking reply

Posted on Mar 23, 2022 7:34 AM

Proving a negative is impossible.


Wipe and reset and reload and resume, or contact a firm that specializes in mobile forensics and related investigations.


Restore your iPhone, iPad, or iPod to factory settings - Apple Support


If you’re a target for shenanigans (investigative journalist, senior in government or business, have access to sensitive or classified data, dissident, etc), get help specifically tailored to better managing your electronics and your data.


Here is a reasonable (non-political) list of security suggestions: https://democrats.org/security/


If you have all that in place, have gone through the security recommendations provided by Apple, have two-factor authentication enabled on all sensitive accounts, passwords unique and robust, and your data reliably backed up in one or more places, then forensics and certificates might get interesting, and gaining the commensurate knowledge about macOS and iOS and iPadOS internals and malware and implants.


And if somebody is messing with the trust store without your knowledge and particularly if that is surviving past a reset and restore, you’re deeply hosed.


That you’re seemingly posting personal information here should mean some introspection around your own information management practices, too.


7 replies
Question marked as Top-ranking reply

Mar 23, 2022 7:34 AM in response to RottenApple_User

Proving a negative is impossible.


Wipe and reset and reload and resume, or contact a firm that specializes in mobile forensics and related investigations.


Restore your iPhone, iPad, or iPod to factory settings - Apple Support


If you’re a target for shenanigans (investigative journalist, senior in government or business, have access to sensitive or classified data, dissident, etc), get help specifically tailored to better managing your electronics and your data.


Here is a reasonable (non-political) list of security suggestions: https://democrats.org/security/


If you have all that in place, have gone through the security recommendations provided by Apple, have two-factor authentication enabled on all sensitive accounts, passwords unique and robust, and your data reliably backed up in one or more places, then forensics and certificates might get interesting, and gaining the commensurate knowledge about macOS and iOS and iPadOS internals and malware and implants.


And if somebody is messing with the trust store without your knowledge and particularly if that is surviving past a reset and restore, you’re deeply hosed.


That you’re seemingly posting personal information here should mean some introspection around your own information management practices, too.


Mar 29, 2022 10:24 PM in response to MrHoffman

Well you were right! I am definitely "deeply hosed". After an iTunes factory reset (nothing backed up), a new SIM card, and a new Apple ID, the problem persists. As soon as the phones data is turned on the trust asset version changes, and all the other corrupted Apple Apps that can no longer be removed reappear in the storage. The redirects also continue as well. I've attached an example of what I mean by "corrupted" Apple Apps. The screen shot is taken immediately after the factory restore...

Thought I would share as more knowledge of what is possible, is always better.


Take Care

Mar 23, 2022 1:43 PM in response to RottenApple_User

Wholesale replacement? Interesting approach. Costly. Can be useful for persistent exploits, but whether that was or is the case here is entirely unclear. Probably not all that cost-effective for most of us, and still problematic unless and until the underlying vulnerability—whatever that might be, and if there is one here—is addressed, either.


Reset and reload and upgrading security would be a more typical initial response.


Some introspection around your own value as a potential target is warranted, too.


Put differently, posting variations of “am I hacked?” is probably not going to succeed, absent a flagrant hack.


Direct forensics-level access into the systems purportedly exploited is where this is headed, and that’s not cheap..



Mar 23, 2022 2:21 PM in response to MrHoffman

Thanks again.


I did all of the steps you’ve mentioned prior to the replacement. A factory reset did not fix the phone prior to this one. That being said at the time with my limited knowledge, pinpointing which of the variables, phone, SIM card, or WIFI/network, caused the symptoms to persist wasn’t clear. I started with the cheapest, and worked my way up. However without a laptop it makes things more difficult.

I had Samsung tech support remote access my Smart TV and they said they had never seen what was on there before. Code was altered in the menus resulting in a “Virus Search” option which they said did not exist. My MacBook was crashed, hard drives were partitioned and the typical restore is no longer possible.

All the paid resources I have told me what I am experiencing is not possible, this myth is pervasive, and it is dangerous. The providers, internet & phone, point the fingers at each other, and so does the maker of my device. I feel smaller then a David when I’m dealing with people that are more capable then the previously mentioned resources I had in my corner.

I am a hard working guy that is in the construction industry, far from any of the lines of work you’ve mentioned.

I’ve definitely learned a lot over the past month, but still far from my expertise. I do appreciate your time, and sharing your thoughts.


Time to find a nice book, turn these things off and head outside.


Take Care

Mar 30, 2022 1:07 AM in response to RottenApple_User

RottenApple_User wrote: "...I've attached an example of what I mean by "corrupted" Apple apps. The screen shot is taken immediately after the factory restore..."

Your screenshot shows the normal, uncorrupted result of this sequence of taps:


Settings > Shortcuts > Advanced


...Is that what you did? By the way, here's my identical, normal screenshot:



And Apple's Shortcuts app is very useful, particularly for creating your own custom shortcuts:


Shortcuts User Guide for iPhone and iPad


õ¿õ¬

Mar 30, 2022 8:54 AM in response to RottenApple_User

Nothing in that image of Shortcuts app settings is unusual or unexpected or “corrupted”. Those are the default settings, too.


Here’s the local version of that same settings page here:




iOS has a few latent tools and features that are masked until enabled, and that might be what you are referencing as a “corruption”. As examples, CarPlay is mostly hidden until used, and there are some development-related tools that are also latent until enabled. The Apple Shortcuts app is handy, too. Shortcuts is this app:




And the trust store is an ongoing and evolving database, and not an immutable configuration.


If you were not seeking to show the lighter-colored areas in the included image, here is how to take a screen shot: Take a screenshot on your iPhone - Apple Support


If you are referring to the lighter-colored areas as the “corruption”, that is unrelated to the trust store and Shortcuts app settings and the rest, and might possibly be a reflection, but looks rather like display damage. Whether the display was over-compressed, or something was dragged over the display too firmly, or some other issue, or maybe it’s a manufacturing defect, Apple would have to decide.


Mar 23, 2022 12:29 PM in response to MrHoffman

Thank you for your response.


As mentioned, I had an iPhone that had ALL of the symptoms mentioned the resource I was provided:


Unauthorized modification of iOS can cause security vulnerabilities, instability, shortened battery life, and other issues - Apple Support )


I’ve replaced a Smart TV, 2 iPhones, 2 modems, and a MacBook due to the original exploit. No one at Apple, my cell phone provider or my internet provider could be of any assistance. Now I am trying to educate myself before starting over and moving forward, but after hundreds of hours I cannot find the answers to the questions I have. For example no one at Apple explained that number was personal information, seems like that would be an important piece of information to relay. Before connecting a potentially compromised device to my 3rd modem, I wanted to be sure I wasn’t causing more harm.


Thank you for your time,


J

Exploited Device and Trust Certificates

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.