MDM on personal iPhone - Businesses, unauthorized developer activity HELP!

You shouldn’t be looking at or digging into Apple devices analytics when you have zero knowledge on what it really means.

Multiple types of Digicert root CA are normal per Apple. See List of available trusted root certificates in iOS 16, iPadOS 16, macOS 13, tvOS 16, and watchOS 9 - Apple Support

Look into: Monitoring the user's proximity to geographic regions | Apple Developer Documentation

and subsystem responsiveness from system diagnosis

_com.apple.SpringBoard_com.apple.UIKit_ com.apple.app_launch_measurement.com_apple.camera.signposts_com.apple.signpost_emitterÑ_kSTYLatencyThresholdInMs#@@ÐÑÐÑ

èѸ+=`}š¸ÁÂÅÈËÎÑÔ

A version number that only exists for

Android…

Same here!

Could you share the Bluetooth connect script? I’ve seen many connections using a rogue hotspot and Bluetooth. Same thing since 2021. Likely is someone you know and they own a MAC computer.

Also, look into AWS Snowball. It’s a device used to mirror your phone and control it. It’s produced by Amazon. I found this out after talking to Coinbase and they sent me a follow up email with Snowball Phone in the subject. It uses Wickr as well.

I called Coinbase and asked they said they could not talk about it because it was internal Coinbase information… Super sketchy.

Beware i have exact same problem and now every NFT i own [crypto] has been stolen. I hate apple so bad now never will i own such a horrible secured device,wet paper bag.

You are quite correct, fortunately no one has accused me of being crazy as I’m a psychologist.

I guess what we have to remember is these discussion forums are answered by fellow Apple users and not Apple staff. So we may not find much support.

Whatever this is extremely insidious, my sharing is all disabled on my iPhone yet it is constantly searching for powered and unpowered devices nearby. I can see the data usage does not add up to the user activity. I feel sick to think how long it was on there without knowing and what it has captured of my children as it’s a part of their daily lives too.

It is something akin to the Mac Dirty Cow, although what is done after it is exploited I suppose may vary, there are actions being performed on my devices that I cannot find references to anywhere.

I have been going through this type of situation for 2 years 8 apple ids 3 carriers

3 brand new apple devices and one Mac Pro all infected the same way . I have tried everything once I put my name and dob in device it’s a dead ringer I cannot stop sharing with note or home. But I’m sure if all the users with the same problem can get help because as consumers we have rights

I’ve found several hidden devices. If it’s the Hidden MDM, it does geo fencing and scans your network for any new devices. It appears they can get into network once MDM is installed, it sends a beacon and it searches for serial numbers. Contact IC3.gov as they (gov) are trying to get rid of the MDM due to security issues! Also, Apple keeps a record of all devices that access your devices, although you will likely need a subpoena. I’ve read a sheriff can issue one. You will need supporting documentation.

T3ddy19 wrote:

You can’t get rid of it unless you get a subpoena.

How does a request for documents (or a request for someone to appear in court) remove anything from your phone?

It goes by the serial number which is also the Wi-Fi address,

Device serial numbers are not WiFi addresses.

They even used Siri to search communities for posts.

Siri does not have that capability.

Part 3, they have also done Siri searches on community! I was not aware Siri could do such things. My scenarios like health data is just like yours! Same with all, Game Center, iCloud (which I never used before), also frequent views of calendar, photos, notes and more. Plus many scripts under shortcuts. Beware of running these scripts. You can view them by clicking on the ellipse or “…” note that some words may sound innocent, but the actual full coding is usually stored in a cloud (not iCloud). Some of these scripts also allow full remote control. SSH over port 22 was used to access the network, I gather to expand beyond what the MDM could do, such as installation of a hidden key-logger, found in registry of a windows PC.

I would not openly identify who you suspect, it is perfectly legal (from what I understand, but I’m not an attorney) to identify a suspect, but you might be wrong, and you don’t want to damage someone’s reputation (or I don’t). Especially if you once cared for this person. It’s likely someone you were very close to at some point, and they could have had a key to your home.

So read, study, beg for help, hire pros, new equipment and you will be wasting time and money! Although I’ve learned more than I ever wanted to know about Apple security.

Oh, another “hacking event” with Apple seemed to show up as a 44 page document on my iPhone (were they helping me? Not sure. But it was a guy named Hinchy (I think) vs NYC, this guy was selling Spyware under the guise of Parental Control Software, a 44 page document. He was fined $440k in court. And I should add that I can’t delete notes anymore, the options are removed.

Anyway, with so many issues it’s hard to stay focused. The point of the summarized and difficult to find hacking incidents is to provide absolute proof to authorities in hope of getting this to stop.

So, collect data, document, locate hidden apps, (many are free and impossible to remove). Try to provide brief summarized readable by anyone information (you can add details behind that data) by category (email, apps, settings, rogue connections, unwanted changes, if applicable fraud, credit card applications (freeze credit) and so on. Most people don’t read more than the first page! Keep in mind that everything is monitored. Apple must keep data for 10 years, some for 20 even though most reps deny that fact. After you have a reasonable amount of data, provide this info to local authorities. But first find out if the local Sheriffs Department will help, I’ve read they are more likely to help with a subpoena than police. The subpoena will not be accusatory or cause the attacker to get charged, but you could request a restraining order.

And, scan house for active devices, almost all IoT contain no security or very little, my Rokus were compromised! The data was viewable on the router. Check out Wi-Fi connections listed under Wi-Fi. There is a way to view the password on devices that have previously connected, look that up I don’t want to post here! Look for rogue managed hotspot, include that with documentation. Anything that has been brought into your home is likely compromised, even things that were not set up. Smart TVs and sound bars for TVs can be compromised. Go to a public network and look at your email and accounts, view source, I’ve found many pages of creation of a fake email “pass through” page that restricts the view source function on MDM. Keep in mind that public Wi-Fi is generally not safe. But at this point you are already compromised. The MDM uses “web clips” you may have noticed this being used under certain apps, some are valid, some are not. But the MDM does not use Safari to browse, it uses web clips! This enables site blocking, removal of tool bars, and fake pages.

On email, in Apple and other mail, there are automatic deletes, password resets, security vender emails, monitoring alerts, much more! Especially if a premium support option has been added. Look at shortcuts, fake emails can be sent from shortcuts with your email address. Under shortcuts, go to the bottom, type in email or message, one will say send email or message, try sending yourself one, see results. Beware of executing any script, many do much more than what’s stated, search on bottom for ssh, if it’s been used, it will show up. Apple apps provides programs that allow the user to create scripts using several different programming languages. Search on App Store to see this app. It’s not the library, but the one that specifically provides the ability of SSH, CMD, and others.

And realize even if you harden your firewall this can be circumvented with the hotspot, bypassing rules.

Hello.

Reading this thread has been helpful, we all know whqt its like when you think your going crazy and no one believes you, then you question your own sanity until the tell tail signs appear again.

its been about 3 years this has been happening to me, ive done a lot of reading and calling but now i dont care, as much as i used to anyways - this will never end im sure. But, when bordom strikes its sometime to occupy the mind.

Before coming across this post i actually narrowed it down that it had to be an installed profle, now reading this im certian. Also, i went through my analytics data and found a report that had converted all my apps to a different form of app or to a different storage location on my phone. Today, i went to sign into iCloud online and a redirect thing appeared (attched) i googled what the link was for and it was to 'sign out' of a 'CWA' which got my curious because ot wanted ro open the app store, i clicked it opened and app store and there was app updates in there from days ago, i only updates my apps an hour before hand, fishy .. my apps are not ny apps and havent been since i seen that analysis data.

I download an app called TulaByte which loggs all connections to your device (attched) i googled some of the stuff and its apprantly the icloud Private Relay service which you have to pay for, i havent .. theres a separate profles on a different storage file on my phone i think which is why is connecting to my device since i dont have that .. the mind boggles!

Anyways, on wards and up wards - another day on the calendar and still no closer on how to remove it.

Now i can't upload pictures when i try, typical!

I wish you all the best of luck of this journey, your not carzy! They are!

J.

Wow! Finally I feel a tiny bit of validation after finding this thread! Thank you so much to those posting this information! I haven’t read everything yet but I absolutely am going to read every single word. I am so grateful, thank you.

I’ve had many similar issues. Look up very technical precise description from JMurphyCO and responses. Like yourself, I’ve learned that replacing all devices does not help. Search for “MDM” with wildcards on your PC/Mac. But knowing you have apps (including many hidden) does not remove them. I have contacted the Apple 3rd party venders to get some removed or disabled. But most apps remain.