User profile for user: AgentDragonfly
AgentDragonfly Author
User level: Level 1
43 points

MDM on personal iPhone - Businesses, unauthorized developer activity HELP!

I am a personal 'User' I have cycled through many hours and days with support. No one knows what is going on. Most likely because I am never able to speak with someone that understands the Enterprise platform. I feel this is happening via my carrier- but Fraud sent me to Tech support. Tech support told me my phone is hacked and to file a police report.

In combination I suspect that MDM is a gateway for an external developer to access my phone via various methods: webkit, Xcode, Apple Store Connect, SDK

I am about 99.99% sure I know why, but that is something that I will not disclose because most likely all of my activity is monitored; despite the very strict privacy settings I try to maintain.


Symptoms:

  1. My apps will sometimes tell me they did not come from the App Store (Maps, FindMyiPhone, etc..)
  2. When I make an attempt to chat with Apple support I receive a message to Use Messages to Connect with Business. When I have my iPhone in LOCKDOWN mode I receive a message that I cannot use Messages for Business when my device is locked down.
  3. I only have one device. However, I am sharing across devices- many times or I have the option to. The choice is not grayed out.
  4. I am unable to perform an Emergency Reset because I am usually sharing something - Notes, Home, Health, Books....
  5. I do not use iCloud Drive due to multiple security concerns. Almost every time that I double check those settings apps show that they are using iCloud Drive. (Game Center, Health or Fitness, Notes, Books, Apple Support, Wallet) While clicking to turn OFF syncing I have had a battle with it changing right back before my eyes. (I have screen recordings)
  6. Game Center will come on even though I have strict Screen Time settings.
  7. I am generally either sharing, or my phone is gathering data from Health; even though that privacy option is supposed to keep that from happening.
  8. Sometimes I am unable to even sign out of my phone due to 'restrictions'.
  9. I have 'Share with Family' sometimes

*Those are only a few symptoms. That is minus the horror I see from the extraction of information I backed up into Kali Linux

As I have mentioned I have spent many many many hours with Support. One Senior Director did spend time Googling the services that show up in my Analytics. I have even uploaded screen shots and documents, but I never heard back.

I REALLY REALLY need help here.

I will add attachments. They won't be nearly the amount I have. I am begging!!!


Services in Analytics


iPhone 13, iOS 16

Posted on Apr 2, 2023 2:32 PM

Reply
Question marked as Top-ranking reply
User profile for user: T3ddy19
T3ddy19
User level: Level 1
94 points

Posted on Jul 24, 2023 11:49 AM

Part 3, they have also done Siri searches on community! I was not aware Siri could do such things. My scenarios like health data is just like yours! Same with all, Game Center, iCloud (which I never used before), also frequent views of calendar, photos, notes and more. Plus many scripts under shortcuts. Beware of running these scripts. You can view them by clicking on the ellipse or “…” note that some words may sound innocent, but the actual full coding is usually stored in a cloud (not iCloud). Some of these scripts also allow full remote control. SSH over port 22 was used to access the network, I gather to expand beyond what the MDM could do, such as installation of a hidden key-logger, found in registry of a windows PC.


I would not openly identify who you suspect, it is perfectly legal (from what I understand, but I’m not an attorney) to identify a suspect, but you might be wrong, and you don’t want to damage someone’s reputation (or I don’t). Especially if you once cared for this person. It’s likely someone you were very close to at some point, and they could have had a key to your home.


So read, study, beg for help, hire pros, new equipment and you will be wasting time and money! Although I’ve learned more than I ever wanted to know about Apple security.


Oh, another “hacking event” with Apple seemed to show up as a 44 page document on my iPhone (were they helping me? Not sure. But it was a guy named Hinchy (I think) vs NYC, this guy was selling Spyware under the guise of Parental Control Software, a 44 page document. He was fined $440k in court. And I should add that I can’t delete notes anymore, the options are removed.


Anyway, with so many issues it’s hard to stay focused. The point of the summarized and difficult to find hacking incidents is to provide absolute proof to authorities in hope of getting this to stop.


So, collect data, document, locate hidden apps, (many are free and impossible to remove). Try to provide brief summarized readable by anyone information (you can add details behind that data) by category (email, apps, settings, rogue connections, unwanted changes, if applicable fraud, credit card applications (freeze credit) and so on. Most people don’t read more than the first page! Keep in mind that everything is monitored. Apple must keep data for 10 years, some for 20 even though most reps deny that fact. After you have a reasonable amount of data, provide this info to local authorities. But first find out if the local Sheriffs Department will help, I’ve read they are more likely to help with a subpoena than police. The subpoena will not be accusatory or cause the attacker to get charged, but you could request a restraining order.


And, scan house for active devices, almost all IoT contain no security or very little, my Rokus were compromised! The data was viewable on the router. Check out Wi-Fi connections listed under Wi-Fi. There is a way to view the password on devices that have previously connected, look that up I don’t want to post here! Look for rogue managed hotspot, include that with documentation. Anything that has been brought into your home is likely compromised, even things that were not set up. Smart TVs and sound bars for TVs can be compromised. Go to a public network and look at your email and accounts, view source, I’ve found many pages of creation of a fake email “pass through” page that restricts the view source function on MDM. Keep in mind that public Wi-Fi is generally not safe. But at this point you are already compromised. The MDM uses “web clips” you may have noticed this being used under certain apps, some are valid, some are not. But the MDM does not use Safari to browse, it uses web clips! This enables site blocking, removal of tool bars, and fake pages.


On email, in Apple and other mail, there are automatic deletes, password resets, security vender emails, monitoring alerts, much more! Especially if a premium support option has been added. Look at shortcuts, fake emails can be sent from shortcuts with your email address. Under shortcuts, go to the bottom, type in email or message, one will say send email or message, try sending yourself one, see results. Beware of executing any script, many do much more than what’s stated, search on bottom for ssh, if it’s been used, it will show up. Apple apps provides programs that allow the user to create scripts using several different programming languages. Search on App Store to see this app. It’s not the library, but the one that specifically provides the ability of SSH, CMD, and others.


And realize even if you harden your firewall this can be circumvented with the hotspot, bypassing rules.



View in context

Similar questions

160 replies

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

MDM on personal iPhone - Businesses, unauthorized developer activity HELP!

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up