I think my iPhone has been hacked

There is nothing that mere mortals like us can learn from looking at diagnostic logs. Even Apple engineers don’t read raw logs, they have apps that analyze the logs and report anything that needs attention.

If you have not jailbroken your phone or given it to someone along with the passcode your phone has not been hacked and does not have spyware.

salena272 wrote:

Command:         itunescloudd

Path:            /System/Library/PrivateFrameworks/iTunesCloud.framework/Support/itunescloudd

This does not look to me like an indication that your iPhone has been hacked. It looks to me like iOS decided to intentionally crash a system process related to iTunes. "itunescloudd" = "itunes" + "cloud" + "d" (for daemon), suggesting a background process having to do with iTunes in the Cloud, iTunes Match, and/or Apple Music.

CPU:             90 seconds cpu time over 121 seconds (74% cpu average), exceeding limit of 50% cpu over 180 seconds

This system process was chewing up a lot of your iPhone's resources doing something. Maybe the amount of synchronization work was larger than the developers expected, or maybe there was some bug which made the process eat CPU time like it was so much Halloween candy.

Either way, I wouldn't be surprised if this caused some watchdog to decide to shoot the offending process. Or, at the very least, to log this information about it.

Heaviest stack for the target process:

 54 ??? (libsystem_pthread.dylib + 5756) [0x1e0aec67c]

…

 3 ??? (libobjc.A.dylib + 8248) [0x191462038]

This is a call stack associated with the process. It tells us what parts of the code the process was running, and it would be a LOT more informative if we had access to the source code, and the tools to translate these addresses back into references to source code.

It is not an indication that you were hacked.

Analytics and telemetry logs are filled with scarily- and ominously-worked and utterly benign and ever-increasing piles of data. Data that is intended for Apple and their automated scanning tools, and for app developers checking their own apps.

If you want to spend your time looking for an unknown number of needles in ever-increasing haystacks, without knowing what the needles even look like, without knowing if there even are any needles, have at.

Every telemetry screenshot I’ve ever seen posted around here has been utterly benign, too. Utterly benign.

From the name of the process (“itunescloudd”), I surmise that it is likely to be a standard Apple background process having to do with cloud-based synchronization (iTunes Match, Apple Music Sync Library, etc.).

The stack dump would be most useful to someone with access to the iIOS source code, and tools to translate from the addresses on the stack into source code file names and approximate line numbers, I do not have that access, but recognize what the dump is for, having worked on other software for other companies.

The “CPU: 90 seconds cpu time over 121 seconds (74% cpu average), exceeding limit of 50% cpu over 180 seconds” indicates that this process was using far more of the computing power of your iPhone than the software engineers expected it to use under normal circumstances.

To me, this report is not evidence that you have been hacked. It is evidence that there may be some bug in itunescloudd (or some code that communicates with it) that causes excessive CPU use under certain circumstances.

B123code wrote:

iPhones are very difficult to hack. What you have shared looks like a system report, which is completely normal. If you feel like you’re at risk of a remote hack, then enable Lockdown Mode.

Unless they have jailbroken their phone or are a high-profile journalist, politician or activist whose data would be worth hundreds of thousands of dollars to acquire, they are not at risk of a remote hack.

Also, you're replying to a post from April. I don't think that person has been seen since.

Forty666 wrote:

Ja ne mislim ja tvrdim da moj telefon je hakiran,meni stalno uklucena kamera,mikrofon,molim vas!!!

Automated translation (Croatian detected): "I don't think so, I claim that my phone has been hacked, the camera and microphone are always on, please!!!"

Claim what you like, but a log that appears to concern an iTunes system process is hardly overwhelming evidence for your claim.

I'm pretty sure that if you use Siri, the microphone is on all the time, in the sense that the phone is always listening to see if you are saying "Hey, Siri, …". That doesn't automatically mean that others are spying on you.

Hey there,

iPhones are very difficult to hack. What you have shared looks like a system report, which is completely normal. If you feel like you’re at risk of a remote hack, then enable Lockdown Mode. Otherwise, if you haven’t shared your iCloud credentials with anyone then you should be good to go 👍.

If you feel an unauthorized person/app is remotely accessing, controlling, or monitoring your device, then that is possible only if you have done one or more of the following Don'ts...

1. Don't hand over an iPhone to kids or to a stranger without Enabling Guided Access
2. Don't share Apple IDs
3. Don't Jailbreak
4. Don't share sensitive information pertaining to your device
5. Don't give in to Phishing
6. Don't plug in your device for charging your device in Airports, Public Transport, or public places, and trust the device. Beware of Juice Jacking. (Especially in India)
7. Don't leave your iPhone unlocked and unattended in public places like offices, schools, malls, etc.

If one of the above is true then quickly change the Apple ID Password and Return iPhone settings to their defaults.

Brandizzle760 wrote:

What does this mean? I don’t have an iPhone 14!!!!!

It’s undocumented log chatter specifically around Siri suggestions.

That entry shows nothing useful.

Logs and telemetry data are seldom useful.

Other than to Apple or the app developers that generated the entry, that is.

That particular log entry is from an iPhone 13.

I’m thinking the same thing that Selena 272 is. I have a lot of the same analytics that she is sharing in her message. However I have an iPhone 14, and these analytics keep referring to an 11,8. Also I received information that an iPhone 11 Pro accessed my yahoo account and furthermore I cannot access my facebook account. I’m really annoyed with the whole situation. What can I do? And is there a way of finding out who ii

BB-87FCF2D9FC50","is_first_party":0,"incident_id":"C555908E-B115-4176-A938-004BE9964832","timestamp":"2023-07-16 17:47:26.00 +0200","app_name":"appleh13camerad","name":"appleh13camerad"}

Date/Time: 2023-07-16 17:45:14.187 +0200

End time: 2023-07-16 17:47:25.811 +0200

OS Version: iPhone OS 16.5.1 (Build 20F770750d)

Architecture: arm64e

Report Version: 40

Incident Identifier: C555908E-B115-4176-A938-004BE9964832

controle digi day ?????? Spyware???????

How about when the apple manager comes up to you at the Genius Bar and says please sir and mam we need you to leave the store cause we don’t want whatever is happening with your product to infiltrate our network. What about then?

That’s an XML document containing data to be exported, or some similar related data transfer.

Looks pretty typical, too.

As for HL7: “About HL7 International

Founded in 1987, Health Level Seven International (HL7) is a not-for-profit, ANSI-accredited standards developing organization dedicated to providing a comprehensive framework and related standards for the exchange, integration, sharing and retrieval of electronic health information that supports clinical practice and the management, delivery and evaluation of health services.”

Apple mayor may not be reading postings here, and I’m unaware of a relevant authoritative body to forward this XML. And I’d be cautious about what gets posted generally, particularly around healthcare data.

MikeIneedHelp3579 wrote:

I tried putting a screenshot of something on my phone it’s very strange do u have any knowledge of what these symbols mean. For some reason when I select the photo and press done it jus disappeared 6 times nothing new for my phone tho. So this domain always shows up in different apps in my

notes it COM.GOOGLE.PLAYMUSIC I believe this is part of whatever is controlling my phone

I don't know if this is related, but on Macs, a lot of files in Preferences directories (and other system directories where third-party applications might store things) use names that look like Internet site names except that they are "backwards".

I think this convention is just a way of ensuring that two different application developers are very unlikely to pick the same name (and step on each others' files) by accident. Only one company holds the domain "apple.com", and so if Apple starts their preference file names with "com.apple", that sets them apart. E.g., on my Mac, I see:

% cd /Library/Preferences
% ls
…
com.adobe.reader.DC.WebResource.plist
com.apple.AppleFileServer.plist
…
com.apple.bluetooth.plist
com.apple.dock.plist
…

If I came across a file with the name "com.google.playmusic" in a Preferences area, I'd think that it was created by some Google application. When I did a search for that filename, it turned up this YouTube page – which says that Google Play Music is no longer available, and directs you to YouTube Music. (Google owns YouTube.)

https://music.youtube.com/googleplaymusic

So it might be some file associated with Google Play Music that is no longer relevant … or might be a file that the YouTube Music still uses (since it's not like most users would go looking at internal filenames).

A normal user like me do not want to know what these analytics data mean. These should never bother anyone especially when there is no issue with your device.

These are meant for diagnosis when the iPhone goes for service or repair to the Apple Authorised Service center.