MDM on personal iPhone - Businesses, unauthorized developer activity HELP!

I am a personal 'User'. I have cycled through many hours and days with support. No one knows what is going on, most likely because I am never able to speak with someone that understands the Enterprise platform. I feel this is happening via my carrier, but Fraud sent me to Tech support. Tech support told me my phone is hacked and to file a police report.

In combination, I suspect that MDM is a gateway for an external developer to access my phone via various methods: webkit, Xcode, Apple Store Connect, SDK.

I am about 99.99% sure I know why, but that is something that I will not disclose because most likely all of my activity is monitored; despite the very strict privacy settings I try to maintain.


Symptoms:

  1. My apps will sometimes tell me they did not come from the App Store (Maps, FindMyiPhone, etc.).
  2. When I make an attempt to chat with Apple support I receive a message to Use Messages to Connect with Business. When I have my iPhone in LOCKDOWN mode I receive a message that I cannot use Messages for Business when my device is locked down.
  3. I only have one device. However, I am sharing across devices, many times, or I have the option to. The choice is not grayed out.
  4. I am unable to perform an Emergency Reset because I am usually sharing something: Notes, Home, Health, Books....
  5. I do not use iCloud Drive due to multiple security concerns. Almost every time that I double-check those settings, apps show that they are using iCloud Drive (Game Center, Health or Fitness, Notes, Books, Apple Support, Wallet). While clicking to turn OFF syncing I have had a battle with it changing right back before my eyes. (I have screen recordings.)
  6. Game Center will come on even though I have strict Screen Time settings.
  7. I am generally either sharing, or my phone is gathering data from Health, even though that privacy option is supposed to keep that from happening.
  8. Sometimes I am unable to even sign out of my phone due to 'restrictions'.
  9. I have 'Share with Family' sometimes.

*Those are only a few symptoms. That is minus the horror I see from the extraction of information I backed up into Kali Linux.

As I have mentioned, I have spent many, many, many hours with Support. One Senior Director did spend time Googling the services that show up in my Analytics. I have even uploaded screenshots and documents, but I never heard back.

I REALLY REALLY need help here.

I will add attachments. They won't be nearly the amount I have. I am begging!!!



iPhone 13, iOS 16

Posted on Apr 2, 2023 2:32 PM

Question marked as Top-ranking reply

Posted on Jul 24, 2023 11:49 AM

Part 3, they have also done Siri searches on community! I was not aware Siri could do such things. My scenarios like health data are just like yours! Same with all, Game Center, iCloud (which I never used before), also frequent views of calendar, photos, notes and more. Plus many scripts under shortcuts. Beware of running these scripts. You can view them by clicking on the ellipsis or “…”; note that some words may sound innocent, but the actual full coding is usually stored in a cloud (not iCloud). Some of these scripts also allow full remote control. SSH over port 22 was used to access the network, I gather to expand beyond what the MDM could do, such as installation of a hidden keylogger, found in the registry of a Windows PC.


I would not openly identify who you suspect; it is perfectly legal (from what I understand, but I’m not an attorney) to identify a suspect, but you might be wrong, and you don’t want to damage someone’s reputation (or I don’t). Especially if you once cared for this person. It’s likely someone you were very close to at some point, and they could have had a key to your home.


So read, study, beg for help, hire pros, new equipment and you will be wasting time and money! Although I’ve learned more than I ever wanted to know about Apple security.


Oh, another “hacking event” with Apple seemed to show up as a 44 page document on my iPhone (were they helping me? Not sure.) But it was a guy named Hinchy (I think) vs NYC; this guy was selling Spyware under the guise of Parental Control Software, a 44 page document. He was fined $440k in court. And I should add that I can’t delete notes anymore, the options are removed.


Anyway, with so many issues it’s hard to stay focused. The point of the summarized and difficult to find hacking incidents is to provide absolute proof to authorities in hope of getting this to stop.


So, collect data, document, locate hidden apps (many are free and impossible to remove). Try to provide brief, summarized information readable by anyone (you can add details behind that data) by category (email, apps, settings, rogue connections, unwanted changes, if applicable fraud, credit card applications (freeze credit) and so on). Most people don’t read more than the first page! Keep in mind that everything is monitored. Apple must keep data for 10 years, some for 20, even though most reps deny that fact. After you have a reasonable amount of data, provide this info to local authorities. But first find out if the local Sheriff’s Department will help; I’ve read they are more likely to help with a subpoena than police. The subpoena will not be accusatory or cause the attacker to get charged, but you could request a restraining order.


And, scan the house for active devices; almost all IoT contain no security or very little, my Rokus were compromised! The data was viewable on the router. Check out Wi-Fi connections listed under Wi-Fi. There is a way to view the password on devices that have previously connected; look that up, I don’t want to post here! Look for rogue managed hotspots, include that with documentation. Anything that has been brought into your home is likely compromised, even things that were not set up. Smart TVs and sound bars for TVs can be compromised. Go to a public network and look at your email and accounts, view source; I’ve found many pages of creation of a fake email “pass through” page that restricts the view source function on MDM. Keep in mind that public Wi-Fi is generally not safe. But at this point you are already compromised. The MDM uses “web clips”; you may have noticed this being used under certain apps, some are valid, some are not. But the MDM does not use Safari to browse, it uses web clips! This enables site blocking, removal of tool bars, and fake pages.


On email, in Apple and other mail, there are automatic deletes, password resets, security vendor emails, monitoring alerts, much more! Especially if a premium support option has been added. Look at shortcuts; fake emails can be sent from shortcuts with your email address. Under shortcuts, go to the bottom, type in email or message, one will say send email or message, try sending yourself one, see results. Beware of executing any script, many do much more than what’s stated; search at the bottom for ssh, if it’s been used, it will show up. Apple apps provide programs that allow the user to create scripts using several different programming languages. Search on App Store to see this app. It’s not the library, but the one that specifically provides the ability of SSH, CMD, and others.


And realize even if you harden your firewall this can be circumvented with the hotspot, bypassing rules.



160 replies



Jul 24, 2023 10:54 AM in response to AgentDragonfly

I thought I would run out of space, so continued. Show recent “in the news” attacks on iOS and other devices; this will help with local authorities to understand this is a huge issue! Look at WiGLE dot net; this will provide network activity, the source, connectivity (Bluetooth, Wi-Fi and so on) and, if you create an account, a must, your specific data. You will likely see a spike in network activity. I was most surprised to see the volume of Bluetooth activity, unaware that one BT connection could attach to and take over 8 devices! This started after unplugging my network, with help from the hidden hotspot, and I found several things in my home: Wi-Fi connected smart bulbs, altered door bell, more. The Wi-Fi must be on for detection. And in my car, it must be moving prior to detection.


If you suspect someone, you are likely correct. I’m almost certain the first MDM must be installed locally, with device in hand. After the first install, the rest can be remotely installed. BTW, there are methods to look at more data on the device; I’ve not tried it, but it requires a working device and Intune (I think).


I’d also try to ask the person you suspect if they are doing it, and request them to stop before taking it further, if you care about this person. The subpoena will tell you who/where/when, then a lawyer would likely be required. Or you could get a restraining order. I don’t want to cause harm to the suspect, and I’ve already been told the who/where part. In addition, my niece’s Apple account was on one of the missing iPads! So if someone is within or around your network I guess they can install on other devices within the designated area? I’m really not certain exactly how her Apple ID was compromised. It had my account on it. And worse, some installed malware contains other bad activities, of which I have no way of knowing which malware is doing this or how. WiGLE dot net shows some info on this. They can also completely control your phone (and email), block phone calls, make phone calls with your number, using accessibility apps, switches; any number can be added and make and receive calls (if you find your phone not working). These calls will show up in history under FaceTime, but when you look, history is quickly deleted. There are other apps that do this as well. Unlike years ago, when spoofing or faking a phone number, this allows 2 way communications! I suspect they could receive authorization codes as well. My screen has shown “a new iPad/phone” has been added to your account, but they don’t show under devices. Once or twice I saw the missing device listed, called Apple, they “untrusted” it, but the individual called support the following day and added it back!

Jul 24, 2023 12:35 PM in response to AgentDragonfly

Ok, part 4, if I’m allowed 4 posts.


This is about 1%. Do a wildcard search on your Linux box using MDM, both in files and in root. I know nothing about Linux, but on Windows the search would be *MDM*.*, then the same for system or root files, but use the % in place of the *, then note the location. Other files will likely be listed under the same location. Many may be cab (or cabinet) files, most are encrypted.


OK, I’ll try to summarize again:

Collect data from all sources. Create a one page summary by category: email, rogue emails (my Facebook account was removed after my address was used to send links to my no longer available contacts, a virus?). Also, look for emails that you did not send, and settings changes on device vs on public. System changes, harder to document, you could use a video. Deleted or offloaded data (check for added cloud services other than iCloud). Look at FaceTime history; I deleted FaceTime and it came back. Rogue hotspots, scan house for Wi-Fi, NFC, Bluetooth, RF and such. Avoid paying large sums to “pros” for scanning. Look at internal images of smart bulbs online. Look at YouTube to see how Wi-Fi can be added to almost anything! Document and provide images for the things you listed above, reference page numbers in summary. Include recent attacks; they are difficult to find, but they are out there. The Attorney General in NYC got a lot of press on his find with Apple Phones. There was another article on YouTube, also WSJ and iPhone attacks, but I don’t recall the details. I think if you can provide proof and get authorities interested in what it could do for them it might help; plus, it’s all (mostly) new, except Pegasus, which they keep announcing as new but it’s been around since 2015. They will also ask why you think you are a target, implying you are a nobody, why would anyone be interested in your information. There are articles on why people are cyberstalkers; look this up to provide an answer. My work history has included a couple of high target risks (such as banking Information Security) which has made me a target in the past, or it could be an ex BF or GF. Provide info on why.


I think everything has to go. Unless you are able to get it removed by installer and you trust that it’s really gone. I hate to say that! And I don’t know what “everything” includes! In my case: alarm system, Rokus, PCs, iOS, Samsung TV (research vulnerable TVs), firewall (I’d replaced my router/firewall about 6 times hoping to block it before I knew what it was). Avoid using credit cards online; buy gift certificates specifically for Amazon, or other accounts. Watch closely charges on credit cards. Get a list of hidden apps asap, they don’t keep that info for long. It’s also good to keep dates of things happening, but that’s so much!


Some apps seemed to have opened a back door to other attacks, but that’s difficult to determine. If you find a smart bulb or other such device, you might want to call authorities to remove it, if they are willing. Some newer devices will unscrew, but one had a big visible green circuit board and emitted a loud Wi-Fi signal.


Check out devices on your router/firewall, try to identify unknown devices (if you can access the firewall). Note they may change the name of your Linux box to something else, so get MAC addresses if possible. And, look for NFC; they look like little circles of paper! Look up online, scanners will pick them up.


I’ve tried everything I can: contacted vendors, replaced equipment, bought software, scanned, recorded on cameras. But I’ve not yet completed a report to IC3 dot gov, or finished a report to local authorities. First, it’s all been very difficult and excessive; second, not wanting to cause harm. But it gets worse, not better, at least so far. Also, like others, when I try to get help from various sources, something worse happens again! I wish we could speak in person. Good luck, let me know if you are able to remove this mess. PS, the DOJ and FBI are all over this MDM because it overrides all security and it’s very dangerous. That’s why you must report to IC3!

Jul 11, 2023 2:01 PM in response to gravityfed

Yes, I do have a hidden hotspot! I found 3 or 4 with very active Wi-Fi signal: one an older hotspot reactivated, another an older version of a smart light bulb, it almost looked home made, not like the ones I’ve seen today that are flat and round on the inside of a bulb. And my doorbell was converted to a Wi-Fi hotspot (it does not require Wi-Fi to work!).


Most of the “tools” used have been either native apps, like accessibility apps, and a switch that permits 2 way communications (it can both make calls and receive PINs or authentication codes using my number!). Imagine what that does for banking and such!


Many “hidden” apps have been downloaded. Most say for Corps or companies only: completely hidden MDM that does not show under VPN, 2 banking apps, 2 email manipulation/deletion apps (they are for organizing email) but used to delete info on password resets or security vendor info, one app includes a screen recorder and it grabs text from whatever you look at. It shows symbols when it’s used, a random eyeball, and another symbol that looks like a screen or window with bars. If you click on it, text is selected. I logged into that app, but had no options; it created a 45 minute screen recording, then sent an email to me and the vendor (who knows who else).


Fake emails created from shortcuts/scripts, also, it uses SSH remote access. Most of the actual coding is stored in the cloud, so you can’t see the full script, JavaScript. Turning it off makes no difference. Also, I went to another computer and found my email was going to another fake site, the name was the same, but it removed a lot of activity that was going on, hidden email, auto deletion of mail, no ability to view source of emails.


Most web sites are redirected the same way as email, yesterday, it was my banking site!


Before, you could not ssh on Apple, but now “there’s an app for that”.


One thing that is required for the MDM is “web clips”. According to Apple, you go through web clips for internet, not Safari! You can’t uninstall it. When I attempted to download the MDM on a device, it said “contact your administrator, you don’t have permissions”. And it was the only app I’ve ever seen that came with a “hide” button on download.


The MDM uses the serial number, which is also the Wi-Fi address, so no matter what you do, they can find you. It also scans your network for any new devices of any kind.


Bluetooth is also used in many instances (idk if MDM related or not), but Bluetooth can connect to 8 devices at once. So anything especially IoT can (and did) get compromised. Alarm system, streaming video devices, certain TV sets, headsets, some remote controls, almost all TV sound bars. I’ve read these must be isolated in the guest network. Any device in your network is trusted by default, leaving you wide open.


Reformatting, new devices, renaming, changing user name, all does nothing. It also “broadcasts”, leaving you open to more hackers! And Android can get bricked immediately. I’m thinking the hackers must have compromised the MDM; I know it’s supposed to show up. But they had a huge attack with 13 million devices compromised around 2015 that came from using or looking at apps in the Apple Store, and JavaScript.


I keep hoping it will stop. In my case, it’s a local person, as they came into my home after compromising my well known alarm system. And, there is so much more.


Mine seemed to happen after I had an extended hospital stay.


I’ve learned you can’t get rid of it. I’ve bought new devices that are compromised before I get them out of the box!

Apr 3, 2023 6:45 AM in response to AgentDragonfly

Sadly, there doesn't seem to be any help, and the ones that will respond will tell you you are either crazy or you can't be hacked unless you have given your device to someone.


For what it is worth, I have been dealing with this and here is what I have learned: you need to delete your old Apple IDs and confirm that they are deleted. You may not be logged in to any (neither was I) but it has something programmed into the IOKit boot so you cannot reset the NVRAM properly, leaving the Find My process to look as if the activation lock is on.


Make appointments for each Apple product to have a firmware/software update through DFU mode and make sure it is DFU, because a factory restore will not remove the cache that is lingering in the files. This should all be done at the same time, otherwise it will talk to the other device and reestablish itself.


The factory reset you are doing doesn't work because it does not empty the trash and it seemingly blocks any terminal command to do so as well.


Before you boot up your computer(s) & phone(s), delete and confirm you have deleted all of your previous Apple IDs. Write down the code it provided to delete the ID because chances are you will have to call to confirm its deletion.


If you have a Google ID, check to see if you are enrolled in any trial based Workspace or Firebase programs. Workspace allows device control as well.


I have changed our TVs and printers but it still seems to latch on to any printer, so now we do not print. Debilitating to say the least.


I believe that there are enough of us out there to confirm that this problem exists, but Apple will not respond until they have fixed it. I know it sucks. Two factor everything, and I wouldn't suggest any external USB or Thunderbolt security keys.


I also would not suggest any products other than Apple. That will only make your situation worse, even the keyboards, because it will load a generic driver onto your device. Only use Apple wires as well. I am definitely not an Apple advocate, only sharing what I have come to accept and learn.


You may have to go line by line in settings on your iPhone to turn off everything that you do not use, and if there is an arrow on it, click to make sure there is not an opportunity to bypass your defaults. The Mac computer is the same, and there are probably about 100 plists that will try to alter your default settings, so do not take anything for granted until you have clicked through it all. Plists are just preferences, and Apple will tell you that it does not mean that they are being used. That is absolutely correct, but the plists I have seen start with NVRAM and a fmm (Find My Mac activation), which is a huge problem.


For whatever reason it uses NFC and MDM, BUT MDM does get removed later on during the process. It keeps respawning. So it isn't necessarily MDM as much as it is trying to be, so I presume that there is some detail in the MDM program that helps it get what it needs.


The shared cache you are seeing is at best guess, all of the info it has collected on you and will keep looping together. This is just a guess but I have been watching it on mine as well. I could 100 percent be wrong but I believe the cache is what keeps this process communicating between devices.


There are enough of us out there with this problem. I am sure that we have a common thread but I have no idea what it could be. I just know that no one is going to help me or my family and I am just going to have to do my best to keep my kids safe.


I could bring a new computer into this house and within ten minutes watch it try to harvest my old Apple IDs, while Bluetooth sniffing and trying to connect to something nonstop. Eventually, it gets back in and the new ID becomes corrupt; I delete it and start again hoping the last Apple update resolved this issue. Two years later and I am headed back to the Apple Store today to pick up a couple of devices.


I wish someone had better news for the both of us but this is the best advice I can give you.

May 14, 2023 2:24 PM in response to AgentDragonfly

Same thing is happening to me. While I was in the hospital, a mini 2 was stolen. I kept old ones for fear of data compromise; now, everything is compromised. Tried reformatting, buying new, paid professionals, Apple support. Just deleted account with special permissions, but before I received notification (email likely deleted), 2 devices rebooted and had been reformatted. Apple Configurator (MDM) showed up in purchases (although it’s free); tried to delete, no luck.


Once this is on one device, it spreads to everything, Windows, Android, and it can control other devices, like IoT. Many devices destroyed.


I downloaded it on one device, tried to execute, and it said “administrator permission is required”. When I touched the icon, it had an option to hide the application. Several other apps were purchased and hidden. Apple has a page where you can see these apps, but only a few months back.


But I’ve tried everything to show app icons on desktop (I found about 6 ways), nothing works. The MDM is supposed to be “vetted” by Apple, with a fully qualified domain name. But I found a site that will provide this for scammers. Family sharing is enabled to allow it to spread. Location Services is always turned on; after my home alarm was compromised, they entered my home and left 15 minutes before I returned per alarm log. Apple developed it, so contacting developer does not help.


This has enabled fraud, theft, identity theft, stalking, lost accounts, lost $20k+ in damaged equipment (old and new). The MDM creates a “geofence”, which is the area around your home; when a new device is discovered, it adds the MDM. I can’t see Apple files, but on Windows, it shows over 1,000 files! If you have a Windows device that still works, go to File Explorer, search on *mdm*.*, and for root, search on %mdm%. It transfers data on a regular basis, I think using telemetry. Also, look under Windows Update schedules; you will see the transmission data there.


I would think the first install has to get physical access, but I’m not certain. But after the first one, it’s all over. They have complete control. Other devices impacted included my Roku, router, and home Alarm system. Any IoT device could be impacted as many have no security, it trusts anything inside the network.


All attempts to get help have been blocked: email, online forms blocked, phones compromised using “accessibility” options, which permit using your phone number for password resets!


Also, look at shortcuts, I had 87 in mine, plus in the same area, recorded chats, web sites and more. Don’t attempt to execute any. I hope Apple fixes this major flaw, look in App Store for Apple Configurator, it clearly states this app is vetted before allowing installation! If you find anything, like how to unhide device, or delete, let me know. But it’s designed not to allow an uninstall. When I changed my account name, and reformatted everything, back to factory, it was gone for a few hours, but quickly returned, even with network unplugged.


My guess would be it’s someone you know. It’s fairly easy to copy a phone or iPad within minutes. The first device is reformatted to “transfer to new owner”, then placed beside your device. Once you do that, it will ask if you want to transfer data to the “new device”. If they know the PIN, they enter that number and it only takes minutes. If you have saved passwords, they are in clear text.


Good luck! Check out your purchase history. I understand Apple keeps data for 3 years, and it includes the actual IP. A subpoena is needed to get that data. Once you identify the hacker, you could get a restraining order. But they are expensive. I found a DIY subpoena, but I don’t feel confident with my disabilities standing before a judge. And another warning: it has “beacons” that advertise your address and back door. Now it appears other hackers are getting in. Even with network unplugged. This part I don’t understand (on other devices), unless they use cell phone data or are parked at the driveway.

Jun 3, 2023 7:11 PM in response to AgentDragonfly

I’m a former Global Info Sec Manager, certified. I can’t get my hands on the needed tools to even get a peek inside, but I have many of the same symptoms. Check out “shortcuts”; there should only be a couple. If you click on the ellipsis, you should be able to see actions; I had 87 at one point. Some brought back pics of the hacker, obviously to bother me, although back doors were opened, fraud, including fraud downloads from App Store that were hidden, an Apple feature. There is a site where you can see hidden purchases, and Apple provides info on how to view them: 2 banking apps, 2 remote control apps, 2 email “management” that deleted all of my email from 1 account that I’d had since the inception of email, more. All completely hidden. The download for the MDM showed up again; I attempted to download, but it said I needed Admin access. And when clicking on the MDM icon, it had an option to hide! There is a lot of JavaScript included. Like you, I also see regular activity to Game Center, Health or Fitness, Notes, Books and calendar along with many other settings that turn back on right after turned off. Mine are all personal devices, never Corp owned. You must have a Mac to install, at least for the 20 free licenses. And sharing turns on as well; this allows any device on your network to share certain apps, and it spreads software to Windows (including MDM). If you have Windows, do a search on *mdm*.*; there will be over 1,000 files if it’s on there. If you have anything you want to keep, back it up on a USB drive; Amazon has a photo stick that will allow you to copy pics. There is an app that will create a zip file of contacts, but my email auto deletes a lot of email, even Apple Email. Search on DOJ MDM and antitrust; they mention the MDM on parental controls, but also other devices, and it’s deemed a huge security risk. Report it on IC3.org, if it will allow you; it blocks me. Check out your scripts, see if it’s collecting recent data, such as calls, websites.


At the bottom, it says something like search for apps; type either ssh, JavaScript or Script in there, see what results you get. It’s most likely someone you know that has a Mac computer and has access to your devices. I can collect data, and see what’s going on, but I can’t stop it. Oh, my router and firewall are unplugged, but it is still getting in; verified cell data, and it’s not there. It’s using a remote access tool, and has the “root” password? It is showing an internal IP address, not cell phone. But many people have the same internal IP addresses. But Bluetooth will turn itself on, on the first page of settings, or says Wi-Fi off, but when you select Wi-Fi, it’s on and green. It shows that it’s scanning the network for devices, indicating I have 22 and 22 were expected. It shows much more. But since it scans everything, you can’t add anything new without it taking over. I bought a small Amazon Fire to avoid the high cost of another iOS device (I’m disabled and on fixed income). But it installed parental controls before I could set it up! Most security programs require Corps only. But I’m not a Corp, and someone downloaded it! I have a couple things in the works. If I could have a Windows PC, and a simple phone (at this point), I’d be OK, but the hacker will not permit it! 1.6 years to date. BTW, depending on where you live, you might be able to get a private eye or attorney, then get a subpoena. Apple told me they have “real” user info, even if they obfuscate it. Then you could get a restraining order (or sue depending on what you find). It’s hard to track phone activity (they have spoofed my phone even to call Apple and reset passwords on everything). When you looked at Analytics, did you see scanning and counting? I’m not sure, but think it occurs when you reboot; I’d just reformatted again, a few differences, but it was on Wi-Fi right away. And 22 devices? Nothing is turned on or plugged in, I had to remove the Roku devices as well!

Jun 27, 2023 12:31 AM in response to gravityfed

Wow! I am glad I came across this tonight. I have been dealing with this since March ‘23. My Windows, Mac and Linux PCs are infected. My iPhone 13 Pro (typing on), Google Pixel 6 Pro and Samsung A13 Android are all infected. Every day I get more and more information. I signed up as an Apple dev so I could install iOS 17 on here. The analytics data has been great. It is causing a lot of the processes to break and automatically create bug reports. That’s what I am out researching tonight. I have created new iCloud accounts, Google accounts and stopped using Wi-Fi / Bluetooth and it doesn’t matter. They even were able to take control of my Infotainment / GPS system in my ’21 Audi via Bluetooth. That was witnessed by the sheriff’s department. I have been compiling IP addresses and tons of documents and giving them to the cyber unit of the local FBI office as well. The only thing that helps pause the flow of data and monitoring is disabling the SIM card temporarily (and I have also gone through multiple SIMs).


Some of the common recurring exploits I have noticed on my devices:


iPhone / Mac:

  • IOKit exploits
  • MDM policies
  • proxies and tunnels (hidden); look for Cloudflare tunnels
  • Firebase app attacks
  • socket streaming
  • hidden apps


Android:

  • device policy (MDM)
  • VPN hijacking
  • DNS hijacking
  • Google Play Framework / Services malware
  • Very high data usage (almost 200 GB/month) when before it was maybe 10-15
  • Remote Config and “Google/Samsung” system apps that are forgeries (due to leaked app signing keys; Google search it)
  • nearby device sharing and UWB


Linux:

  • PAM elevated permissions exploits
  • PipeWire, ALSA and Avahi exploits
  • Firmware / BIOS malware injection
  • D-Bus socket exploits
  • DNS hijacking
  • Wi-Fi/BT control with overlays to hide connection


Windows:

  • LSASS elevated exploits (Microsoft finally released a security update to address it with 22H2)
  • group policy and domain join enforcement (personal computer)
  • BIOS / EFI exploits. Microsoft just released a partial security update, but you have to activate it manually
  • sfc /scannow is your friend from an admin cmd prompt
  • nearby device sharing
  • print server exploit


The iPhone and Samsung have never been rooted yet they have root cmd line access.


The bad thing with all these devices is that as soon as you factory reset or wipe (even a complete reinstall), the first thing all these devices want to do, and do, is turn on your radios (Wi-Fi, BT, NFC) and search for nearby devices. Someone previously in the thread mentioned infected Roku, printer and other IoT devices spreading it. I can confirm that is what has happened to me after resets many times.


Sorry for the dump of info (even non-Apple related), but this is obviously a bigger problem than companies are willing to admit right now. They are all interrelated though, based on Wi-Fi, BT, NFC and the radios that our devices have, as well as device sharing, sync and backup. Something needs to change. I mentally can’t keep living this nightmare and second guessing my sanity.


I applaud Apple on making their own chip though, because they didn’t (yet, maybe) have the Exynos exploit from a couple months ago that allowed full device control with someone just having your phone number if you had Wi-Fi calling enabled. It didn’t even make the news. Samsung still hasn’t released the fix for my A13 months later.

Jul 4, 2023 4:06 AM in response to AgentDragonfly

Been experiencing the same since Jan 2023. But it’s from a private source, not business. I’m pretty sure I know who it is. It’s crazy to see so many replies of others dealing w this too. It’s such an invasion of privacy! My hacker started out using the Home app and bluetooth devices to listen and record my conversations, control center to enable assistive touch and control my device, wiped out my entire photo library and all of my contacts, changed my settings. Then as they got sharper they migrated to coding and scripts using GitHub, Xcode, and all Developer Forums on all platforms now that they put them out for anyone to join. I’ve learned A LOT about technology and apps trying to stop this source from accessing my iPhone. They are also proficient on both Apple and Android so getting a new phone did nothing. This is the 5th one I’ve had and I gave up. It’s still accessible no matter what. And it’s not detectable because it’s being accessed from the inside (codes). I also see the scripts on my analytic reports. I’ve started to educate myself on coding now because I’m determined to figure this out and no one else seems to know that any of this is possible. When I’ve reached out for help, ppl think I’m crazy and paranoid. Little do they know it’s very real and absolutely possible these days. Good luck! I’ll let you know if I come across any solution or help w this problem.


Some observations: In Settings, Accessibility…go through all of those options for voice access, touch, etc. I’m sure you will see certain options turned on. In Settings/Safari at the bottom there’s a setting for Advanced, make sure Web Inspector and Remote Automation are turned off. Click on Experimental Features and turn them all off. Everything that is accessed by a “developer” has an “Advanced” setting or option. My source has even joined Meta Developers and coded their FB. I’m setting up shortcuts to alert me when a Bluetooth tries to connect or they auto join me on a compromised/strange Wi-Fi connection. That’s some of what I’ve figured out so far.

Jul 24, 2023 12:57 PM in response to AgentDragonfly

Skywalker is a key logger! I think that was mentioned in the Hinchy document I mentioned. Info can be found at Sophos (spelling?) as well.


Not surprised, I had a key logger added as well. You should search each item. Although we know the main issue is the MDM which allows remote install of anything, including fake maps! I just saw your services listed. Is your MDM hidden? When it was downloaded, it was the only icon I’d ever seen that included a “hide option”! More of these services look very familiar, as in MDM or Malware. Is “Passcode Settings Provider” something you installed?

Aug 3, 2023 3:17 PM in response to GSS_544

I’ve seen much of the same activity. I had 87 scripts listed under “shortcuts” using JavaScript. There is an app in the store that enables or provides these various coding methods (not the library). That was downloaded and hidden on my device. Same here with “options” cut off, no web tool bar, no email headers…unless you go to a public computer, then you can see much otherwise hidden info, in my case, for email and other accounts.


Be careful if you look at scripts not to execute them; a simple single word may be associated with dangerous code that is apparently stored in the cloud, not iCloud, but other installed cloud services. Mine has a “managed hotspot” that resolves to Apple. According to MDM documentation, you have the option of getting a managed hotspot with the MDM. It uses this Wi-Fi connection, then can connect up to 8 devices with Bluetooth provided they are within range. And it, or other hidden downloaded apps, are capable of impacting every operating system I’ve seen, including Windows (an MDM wildcard search will show MDM files). Keep in mind that MS Office uses it, but I’ve seen nothing that indicates this MDM is dangerous. I have an inexpensive Wi-Fi detector that will pick up the signal when it’s on, and it’s always on lately. It has been coming more into the “light” lately as a dangerous app if in the wrong hands. I was actually told who had 2 missing devices, and which accounts were installed on them!


It is likely the person you suspect, and it’s so easy to make a full copy of your device if someone shoulder surfs your PIN and has access to your device for a few minutes! This person wants me to know it’s them, based on some info that appears on my device, like their name! This past week I had two more apps installed (they showed under the App Store as purchased, then disappeared). You can search on Apple on how to see hidden purchases, but many don’t show up. Several are free, provided you agree to allow access to all data. My hacker even did a Siri Search to find my posts. Continued…

Oct 12, 2023 3:32 PM in response to AgentDragonfly

I am a personal user as well and I have tried everything! The Apple Store is a waste of time; all they did was reset it and it was already on there when I booted it.

Question: under root trust certificates, do you have a greyed out single certificate that you did not approve?

They say it’s not possible, but I never had the option when I got this phone.

It’s a DigiCert root CA and it’s on all my devices!

Oct 18, 2023 12:12 AM in response to Shewolf1989

Hi folks,


I've spent this whole year to date researching this campaign since I first started noticing non-typical activity on my iPhone, MacBook Pro and Mac mini. I've been using Apple products since the 80s and am fortunate to have never had any issues until now.


First I must preface the rest of this post by saying that some of the behaviours you see are BigTech harvesting user data. This has always been the case and is written into user agreements you accept upon activation. Add on top of that any app you install will also have its hand in documenting the activities you engage in on your computer, device or 'smart' connected tech, as is written in their terms (linked on the page) you accept upon downloading and installing.


You only need to glance over the privacy notice within the app's information on the App Store to see the scope of what some apps collect. TikTok remains at the top of the list, closely followed by the big social media brands etc. There are also many apps still on the App Store which have not updated since Apple introduced mandatory display of the data the app intends to collect, so exactly what they are taking from you remains unknown to its users.


However, while BigTech data extraction is a typical event on tech, data is a trillion dollar business and has undoubtedly attracted the attention of bad actors who want a slice of the pie, which is why there is a high prevalence of data mining exploits.


I'll reiterate a previous post that agrees, you are not imagining things. Whoever is behind the non-typical activity we are experiencing - likely has MDM-like control over your phone/computer.


You're seeing developer activity because developer mode is what the MDM-like behaviours are implemented through. This is occurring even though you all report there are no MDM certificates installed, the developer mode option isn't activated in settings, you are not enrolled in the beta or developer program and finally, you don't have TestFlight installed.


To date, Kaspersky are the only voice in the threat-hunting world who recently openly declared they no longer believe that Pegasus-style attacks are limited to only a small handful of people. They assert this because they invited comment from the general public regarding the 'Triangulation' attack and were flooded with emails with evidence of similar attacks on civilian devices.


Although much of the detailed information on these attacks is not public, what I have personally observed regarding the permissions attributed to various daemons and processes on iOS and macOS is attributed to the events many of you are seeing too. These are closely aligned to 'Triclops' (the only Pegasus-style surveillance documentation in the public arena), which appears to revolve around developer privileges. While I am not making any claims that what we are experiencing is linked to the groups carrying out attacks on high profile targets, I am asserting that there is a group behind this long-running campaign who have leveraged developer privileges for the purpose of data extraction. The vast amount of evidence strongly suggests the three goals are scams, advertising interference and intelligence gathering.


I'll leave it here as I wish to respect the Community Use Agreement, but take heart, the number of people noticing non-typical things on their tech is growing. I look forward to maybe one day escaping their clutches and reclaiming my tech, my accounts and just maybe, a little bit of the fun and awe tech used to provide.

Jul 24, 2023 10:22 AM in response to AgentDragonfly

I had the “receive a message that I cannot use Messages for Business” as well! It’s at least good you only have 1 device. It does get installed on everything!


Apple keeps all data for 10 years, but they normally won’t provide info on this subject and will dispute evidence you submit. Although sometimes a rare representative will provide info.


Report this to IC3.gov, they are all over the security risks with the MDM, but your devices will prevent you from sending. Be aware that everything you say or do is monitored, and fake sites are common (go to another computer that is not yours then look at differences in pages), like no header footer data on web sites, no tool bars, no details on senders or fake emails.


There have been many attacks on Apple devices lately, search on NYC iPhone “rings” stealing iPhones, or Pegasus and iPhones.


My system settings change back right away as well.


I'm sorry you are going through this ****. I’ve never seen anything like this before. I was in Information Security for most of my life, but the Apple devices had just hit the market.


I’ve been trying to “fix” it for two years and it gets worse; I even unplugged my internet! Then, a mostly hidden hotspot was added, and the IP resolved to Apple! Come to find out, the MDM comes with the option of a Wi-Fi hotspot. It’s sort of hidden. Go to Wi-Fi (with no Wi-Fi turned on), turn Wi-Fi on, then click edit; if you have one, it will show up as “managed” with no option to delete. Inexpensive devices (under $100) are available on Amazon. They will detect Wi-Fi hotspot connections. This has also been used to track me in my car and break into my home.


I did suspect someone that I had been rather fond of, and kept hoping they would stop before taking further action. That has been foolish on my part. I’ve lost a lot of equipment, experienced fraud, spent $ on tools, new devices, “experts”, stolen snail mail, stolen iPads (I did learn who had the iPads), hacked home alarm, house vandalism and so much more! Oh, if you think someone has been in your home, they likely have (they know where you are) invest in a couple (or more) cameras that don’t use Wi-Fi or any electronic communication methods, as they will get hacked otherwise.


I’ve heard the Sheriff’s Department will help (some will) and assist with a subpoena (much cheaper than an attorney). Some states allow a DIY subpoena, but keep data, like your changes (that’s hard to explain unless you make a video), and keep in mind, it does sound crazy! And try to use words a 15-year-old could understand. The police are usually not information security experts; they have other big jobs to do. I’m a seasoned IT certified security pro, and most have looked at me like I have 2 heads. There were some YouTube videos on recent hacks and “rings” of ppl across the country, I think; look up NYC, WSJ, iPhones, Attorney General. Also search on iPhone compromise and Pegasus; it also takes over devices.
