MDM on personal iPhone - Businesses, unauthorized developer activity HELP!

I am a personal 'User'. I have cycled through many hours and days with support. No one knows what is going on, most likely because I am never able to speak with someone that understands the Enterprise platform. I feel this is happening via my carrier, but Fraud sent me to Tech support. Tech support told me my phone is hacked and to file a police report.

In combination, I suspect that MDM is a gateway for an external developer to access my phone via various methods: WebKit, Xcode, App Store Connect, SDK.

I am about 99.99% sure I know why, but that is something that I will not disclose because most likely all of my activity is monitored, despite the very strict privacy settings I try to maintain.


Symptoms:

  1. My apps will sometimes tell me they did not come from the App Store (Maps, Find My iPhone, etc.).
  2. When I make an attempt to chat with Apple Support I receive a message to use Messages to connect with Business. When I have my iPhone in LOCKDOWN mode I receive a message that I cannot use Messages for Business when my device is locked down.
  3. I only have one device. However, I am sharing across devices many times, or I have the option to. The choice is not grayed out.
  4. I am unable to perform an Emergency Reset because I am usually sharing something: Notes, Home, Health, Books...
  5. I do not use iCloud Drive due to multiple security concerns. Almost every time that I double-check those settings, apps show that they are using iCloud Drive (Game Center, Health or Fitness, Notes, Books, Apple Support, Wallet). While clicking to turn OFF syncing I have had a battle with it changing right back before my eyes. (I have screen recordings.)
  6. Game Center will come on even though I have strict Screen Time settings.
  7. I am generally either sharing, or my phone is gathering data from Health, even though that privacy option is supposed to keep that from happening.
  8. Sometimes I am unable to even sign out of my phone due to 'restrictions'.
  9. I have 'Share with Family' sometimes.

*Those are only a few symptoms. That is minus the horror I see from the extraction of information I backed up into Kali Linux.

As I have mentioned, I have spent many, many, many hours with Support. One Senior Director did spend time Googling the services that show up in my Analytics. I have even uploaded screenshots and documents, but I never heard back.

I REALLY REALLY need help here.

I will add attachments. They won't be nearly the amount I have. I am begging!!!



iPhone 13, iOS 16

Posted on Apr 2, 2023 2:32 PM

Question marked as Top-ranking reply

Posted on Jul 24, 2023 11:49 AM

Part 3: they have also done Siri searches on Community! I was not aware Siri could do such things. My scenarios, like health data, are just like yours! Same with all: Game Center, iCloud (which I never used before), also frequent views of Calendar, Photos, Notes and more. Plus many scripts under Shortcuts. Beware of running these scripts. You can view them by clicking on the ellipsis or “…”. Note that some words may sound innocent, but the actual full coding is usually stored in a cloud (not iCloud). Some of these scripts also allow full remote control. SSH over port 22 was used to access the network, I gather to expand beyond what the MDM could do, such as installation of a hidden keylogger, found in the registry of a Windows PC.


I would not openly identify who you suspect. It is perfectly legal (from what I understand, but I’m not an attorney) to identify a suspect, but you might be wrong, and you don’t want to damage someone’s reputation (or I don’t), especially if you once cared for this person. It’s likely someone you were very close to at some point, and they could have had a key to your home.


So read, study, beg for help, hire pros, new equipment and you will be wasting time and money! Although I’ve learned more than I ever wanted to know about Apple security.


Oh, another “hacking event” with Apple seemed to show up as a 44-page document on my iPhone (were they helping me? Not sure). It was a guy named Hinchy (I think) vs NYC; this guy was selling spyware under the guise of parental control software, a 44-page document. He was fined $440k in court. And I should add that I can’t delete notes anymore; the options are removed.


Anyway, with so many issues it’s hard to stay focused. The point of the summarized and difficult to find hacking incidents is to provide absolute proof to authorities in hope of getting this to stop.


So, collect data, document, locate hidden apps (many are free and impossible to remove). Try to provide brief, summarized information readable by anyone (you can add details behind that data) by category (email, apps, settings, rogue connections, unwanted changes, if applicable fraud, credit card applications (freeze credit) and so on). Most people don’t read more than the first page! Keep in mind that everything is monitored. Apple must keep data for 10 years, some for 20, even though most reps deny that fact. After you have a reasonable amount of data, provide this info to local authorities. But first find out if the local Sheriff’s Department will help; I’ve read they are more likely to help with a subpoena than police. The subpoena will not be accusatory or cause the attacker to get charged, but you could request a restraining order.


And, scan the house for active devices; almost all IoT contain no security or very little. My Rokus were compromised! The data was viewable on the router. Check out Wi-Fi connections listed under Wi-Fi. There is a way to view the password on devices that have previously connected; look that up, I don’t want to post here! Look for a rogue managed hotspot; include that with documentation. Anything that has been brought into your home is likely compromised, even things that were not set up. Smart TVs and sound bars for TVs can be compromised. Go to a public network and look at your email and accounts, view source; I’ve found many pages of creation of a fake email “pass through” page that restricts the view source function on MDM. Keep in mind that public Wi-Fi is generally not safe, but at this point you are already compromised. The MDM uses “web clips”; you may have noticed this being used under certain apps, some are valid, some are not. But the MDM does not use Safari to browse, it uses web clips! This enables site blocking, removal of toolbars, and fake pages.


On email, in Apple and other mail, there are automatic deletes, password resets, security vendor emails, monitoring alerts, much more! Especially if a premium support option has been added. Look at Shortcuts; fake emails can be sent from Shortcuts with your email address. Under Shortcuts, go to the bottom, type in email or message; one will say send email or message. Try sending yourself one, see results. Beware of executing any script; many do much more than what’s stated. Search on the bottom for ssh; if it’s been used, it will show up. Apple apps provide programs that allow the user to create scripts using several different programming languages. Search on the App Store to see this app. It’s not the library, but the one that specifically provides the ability of SSH, CMD, and others.


And realize even if you harden your firewall this can be circumvented with the hotspot, bypassing rules.




160 replies

Apr 4, 2023 7:36 AM in response to AgentDragonfly

If you see nothing in your VPN & Device Management section, your next step is emergency reset. If you need help performing an emergency reset, you can call 1-800-MY-APPLE (1-800-692-7753) or schedule an appointment to visit an Apple Store. Unless you are a high-profile government official or a journalist covering contentious areas, this will likely solve your issue.

Jul 6, 2023 3:12 AM in response to GSS_544

@GSS_544


Oh man I could have written your post. Do you have nearby wifi that isn’t yours? I suspect they’ve modified the router firmware and added them, I believe it’s possible. That or there is a 4G wifi gadget hidden somewhere! *grin


They’ve also got onto my website server. It’s a shame because it has really made me hate technology now. They send FaceTime and iMessages out despite them not being active. My logs are full of new and modified daemons and processes which are obviously not legit.


A lot of the scripts like you mention are from GitHub and developer betas and SDKs. Even my iOS SpringBoard is a beta version :(


The presence of beta identifier strings in logs and trial experiments is a sure sign you’ve been hit. I have found various evidence that suggests it’s been going on since at least 2019. They’ve really honed their hack. The majority of my logins now route through APIs (Google, Twitter, GitHub etc.). Tonight they locked me out of an account I use to post what I find on Blogger.


Lockdown is a joke, they still somehow are getting iMessages in and out on macOS and I have it off and don’t use it. My iPads have had it on since new and it’s running scripts.


Apologies for the rant, I’m just so over it but there is no escape. Aside from my sanity they’ve stolen the fun that technology can be.

Jul 11, 2023 2:24 PM in response to AgentDragonfly

Same here, just posted a lengthy blog. It’s likely someone you know. Family Sharing is used to spread malicious apps across other devices with different names within the same network! I also see health data that is not mine, an indication of syncing data. Everything IS likely being monitored. Do you ever see an eyeball on certain web sites? A lot of apps are hidden as well. The use of web clips is a sign of an MDM; it uses web clips instead of Safari, but looks the same, but features are removed. Please read my last 3 posts. Changing settings won’t help much, as like you said, they get turned right back on! Keep an eye on “Shortcuts” but don’t execute them; some are dangerous. From what I’ve learned, you can’t remove this. I had an MDM before and the vendor removed it, but that was a different vendor. The previous posts provide some info to help. You likely will not like the answers I’ve found. I did not mention it, but I read that iOS devices have a hidden Wi-Fi connection as well (it showed until an update, 13?), not certain. Request or look on Apple for hidden purchases. If you have a Windows PC, search on *mdm*.*, or %mdm%.% (I think the last one is right; that searches the root/system files, the first one was the rest of the files). You can’t get rid of it there. Read about Apple Configurator on the Apple site. Good luck!

Jul 14, 2023 3:18 PM in response to Daisy_Duke1

Pt 1

Daisy, I’m so sorry and I completely understand the **** you are going through. I’m a former Global IT Security Manager; it would seem like I could resolve it, but I can’t. I had someone install an MDM before to compromise my systems (Windows) but found the vendor name by doing a wildcard search and the vendor removed it.


I wrote way too much, so I have to cut this down. 1) If you suspect someone, ask them. It’s someone that has a Mac and has had physical access. 2) It installs remotely on everything; reformatting will not help, machine “serial number” and Wi-Fi are the same. They can scan your network for anything new. Write a request to Apple Security (although it may never actually be sent). Tell them the suspect’s name if known. They won’t do anything to the person, but will watch them.

3) If they confirm the user, ask/tell them to uninstall, here, it’s a class H felony to monitor another’s conversations and it does a lot more than that.

4) get a subpoena, some states allow you to go before a judge, others may require an attorney. Be clear and concise. Don’t use words that a non IT person would not understand.


Apple collects absolutely everything, it all goes by serial number, no type of program can get around this feature. They know everywhere the device has been, who installed programs and have all data, installations, emails, pictures, cloud storage, deleted emails, password resets, everything!


5) After you submit the subpoena you decide what to do from there, forgive? File charges? But most of all, ask for removal. As long as web clips is still found even after deletion, it’s still there.


Report the MDM to IC3.org! You will have to use another computer. Search the net for MDM, Antitrust, government. It’s a dangerous program to USA security!

I’m not an attorney this is not legal advice.

Good Luck. And it gets on Windows as well.

Jul 24, 2023 3:54 PM in response to Community User

I found a managed hotspot that is somewhat hidden, now, it is nearly always on. It connects to other devices using Bluetooth. I can’t delete it. It resolves to Apple (the IP changes). I searched MDM and hotspot on Apple, and it’s an option. I’ve unplugged my network completely, but devices kept communicating, and they still are even though not used in months.

Jul 25, 2023 2:41 PM in response to AgentDragonfly

Questions:

I understand the monitored issue, as everything I do is monitored as well. I disconnected my Wi-Fi and an unauthorized “managed” hotspot was added that resolves to Apple, a feature of the MDM. But, I don’t know if you can say, but why would you think this is a developer? The ability to use all the programming methods you mentioned can be downloaded from the App Store! I was surprised to see ssh commands used to hack the network when I still had one. In many instances, based on reading comments and research, it is likely someone you know who has had access to your device, physically in hand, and they know the PIN. Once it’s installed on one device, it can remotely monitor new devices of any type. I found the list somewhere, but it seems to randomly appear. Is there anyone that had access to your device?


Second question, did you get the info on apps listed by making a copy of the device? Or is that something directly from your phone? I’m just curious.


After everything I’ve read and tried, unless Apple will remove (and they won’t) or the installer removes it, I’ve yet to see anything that works. A factory reset does not work. One device was reformatted so many times that it no longer came on. I’ve lost $30k between replacing all equipment, paid “experts”, mitigation and detection techniques, monitoring for fraud, unauthorized software purchases and much more. It did not occur to me that it was an MDM until I found out that purchases could be hidden! Several downloads were “free”. Check your “hidden” purchases asap! They only show history for a few months.


I also changed my Apple ID, no activity for several days, then it started all over. Then they use Family Sharing to spread the other apps around.

My Windows PCs are all destroyed, and like other posts, it happens within 3-5 minutes: permissions changed, accounts changed or deleted, ability to view event manager removed and so on. Same on brand new devices. I have no Wi-Fi except the “managed hotspot” that can’t be deleted. When it connects, I can view more data, like a normal web page. And likely the scanning list.


I likely mentioned it, but when I was in the hospital an older iPad mini went “missing”; another iPad went missing this month. I’ve found the location of both devices. I did not realize how dangerous it was to save passwords, all unencrypted. Now I can’t say that the person that has my devices is the person who installed the MDM without more data, as the subpoena would be required to determine who is doing this. I’m disabled from multiple surgeries, now, no TV or Internet to order necessary items. My grocery delivery service was cancelled, and much more. But I’ve seen no evidence of it stopping. This “hope” and the fact that I cared for the person who I suspected. I’m no longer employed due to ongoing hospitalizations. One person mentioned that if $ was involved, Apple would help. NO. It seems as if Apple would have compassion for such an issue, but they don’t.


One thing they said was that “they don’t help with third party apps,” but this is an Apple product per the App Store.


And I’ve had and enjoyed my Apple devices since the iPods and the 1st Apple iPad!


I’m not sure if you remove everything (although I’ve tried) if that would help? And I’m not certain what “everything” includes? TV? Printer? Router? The firewall/routers get compromised as soon as I reformat and I’m setting them up offline. I guess that’s the “hotspot”. I can’t even use a Windows PC that is completely offline (or I think it’s offline). They connect with the hotspot, then use Bluetooth to traverse the network. Bluetooth can connect to 8 devices at a time.


I’ve also been cyber stalked. Location is turned on, and if I leave my home, people break in the house, even after a lock change. I’ve seen this as well (offline recording devices). It’s been a challenge, especially when trying to recover from multiple surgeries!


I had an MDM once before, in IT, some ppl tend to want to spy on others. But once I found the company name in the Windows file system and called them, they removed it while I was on the phone. A reformat, and no more issues (about 10 years ago). So it is possible to remove it!


I tried writing to the security department; most emails never went through, but this one did. They responded it was not a security issue. The DOJ and FBI disagree and they are trying to stop it. Thus the importance of submitting a report to IC3. The MDM will likely prevent you from submitting, so you can use a public PC or write by hand. But this product should not be available to the general public!


I’ve rambled on too much and had to delete info, so parts may appear broken. Like you, I know they are watching. I also saw a Siri search on my posts (despite what another person said).

Jul 26, 2023 2:04 PM in response to AgentDragonfly

Second attempt to post. I’d found Termius as another app that was downloaded and hidden. It’s on the App Store, more details on the actual site. A most interesting IT network tool. It’s obviously for IT, and works on anything. I gather since you have a Linux box that you know IT fairly well. Another user pointed out something I said. To clarify, the subpoena will not remove the app, but it should let you know who is connecting. Then you could ask them to stop or get a restraining order to stop. BTW, I have about 30 years of Information Security experience, certified and so on. Corporate systems helped identify things like this and as a Corporate Info Sec Manager, with a dotted reporting line to legal it’s much easier to get help.

Aug 5, 2023 5:56 PM in response to JMurphyCO

What a great job you have done in finding all these things! I’ve made some errors when I’ve attempted to respond to ppl, then I get the “junk yard pit bulls” come after me, or the preferred polite responses; some say “impossible!” about errors (some are not errors). Unless this has happened to you, one can’t understand the impact. Can you say what you have used (device wise) to detect these things? My devices get compromised as soon as I turn them on (in my house). I also found a “managed hot spot” which I can’t delete. A signal detector goes off if I type or look at anything. I disconnected my Wi-Fi completely. Then the hotspot appeared; it may have been there before, which would bypass firewall rules. It connects to Bluetooth (up to 8 devices can connect to Bluetooth), and it spreads. When Wi-Fi is on, the IP of the “managed” Wi-Fi appears. My carrier insists there is no Wi-Fi hotspot since I’m not signed up for one; I attempted to install one, and it would not permit it without paying more. As far as the CMD, ssh, sftp and more, well, there is an app for that. Go to Shortcuts, add one, clear the bottom section, type in ssh, and see if something appears! I have several of the same issues as you, but I’ve not been able to detect them as devices are disabled or destroyed. It started following a missing iPad, mostly iPad exploits (hidden apps, system settings changes and so on, you know the drill). Then escalated to home alarm hack, home B&E, vandalism, fraud, identity theft and more.


Don’t second guess your sanity, but I understand completely. Many ppl have experienced the same thing. Now, I can’t download the most recent update! Maybe it has something that will help? Have you made any progress? It seems like new devices, or old ones that I’ve not used, get compromised within minutes (others have said the same). I’ve seen the MDM (aka Apple Configurator) downloaded, but wonder if it could be a rogue MDM? Perhaps from the Dark Web? It is so technically complex! I’ve been in Security (one form or another, including Global IT Security Manager) for about 30 years. I’ve never seen anything with so many facets, not even the APTs. Have you looked for NFC? I have a couple in my home, along with other planted devices. There are detectors out there, although the cheapest one would not pick up an NFC; my Wi-Fi also goes off when I’m driving. Also, check out LinkedIn; there is some info there. I really wish Apple would help!

Aug 9, 2023 3:25 PM in response to Inrecoverymode

The MDM (or mine anyway) installs a MANAGED Wi-Fi hotspot. That will override your hotspot. I was glad to see these postings, as I’d never seen anything like this before. I had an MDM installed on my Windows PC on another hospital visit. Found the vendor name, called them, they removed it right away. But it was not as destructive as this one. How horrible someone is doing this to you after you lost your husband! But he could not fix it either. It would have to be removed by the installer (likely someone you know) or Apple. And Apple won’t support this Apple-developed app! Reformatting, buying new devices, useless. It gets on everything: Windows, Android, Google, router and more. What it can’t do, it downloads another hidden app to do. I’m trying to collect everything to remove from my home, but I can’t tell what “everything” includes. I also read it can be set to prevent scanning apps for Bluetooth, Wi-Fi and such. You have to buy another device for that (with no Wi-Fi). The State Department of Justice and FBI are interested; send info to IC3 (dot gov).


The first install has to be hands on, after that, all can be done remotely. So, if someone knows your PIN, it only takes minutes. It’s likely someone you trusted very much. And, many of the key-loggers that are often used (found one on mine) often contain more malware.

Aug 12, 2023 5:41 PM in response to -Hey-You13-

The MDM can do many things per Apple documentation, it can hide apps and features, install other (hidden) programs, and much more. It’s all outlined under Apple MDM documentation. It can revert your devices instantly. It’s the only app I’ve ever seen that comes with a “hide” button. I’m beginning to wonder if it’s a rogue MDM? I’ve been in Security for decades, never seen anything that can compromise any device in minutes? Plus, I don’t know “where” it is stored. At one point, I thought I got rid of everything but apparently I did not. I’ve heard a printer mentioned, I didn’t get rid of that however. I’ve seen ssh being used initially when network was still plugged in, but now I have a rogue “Wi-Fi hotspot” that is managed. Very frustrating.

Aug 13, 2023 8:58 AM in response to T3ddy19

Printers, TVs, phones, laptops, routers, Chromebook tablets. Your car!!


Anything with wifi or Bluetooth. My ex added me to his business cloud and created fleet device management. I can’t get away from it. I have no money to keep replacing devices only to have them reinfected within day or days.

This tech is being used to abuse other people it needs to be fixed so it can’t. It’s being used maliciously as much as it is for legit business purposes. :(


Apple, help us in Canada. We have no cyber laws!

Aug 29, 2023 7:55 AM in response to AgentDragonfly

Some of your particular symptoms here are different to mine but let me just say this.


I have had MDMs deployed by Apple over all the devices I’ve purchased over the last 3 years that I know of.


Apple will NOT admit to you if this is the case. I even called JAMF, who provide MDM services for Apple. The guy said to me that maybe Apple “accidentally” took a device from the pile which have MDM deployed on them. I laugh because it’s every single device I buy and it’s inescapable.


As much as I love their products and fantastic service, as a company, they can’t be trusted. Their devices are backdoored to provide access to the major US spy agencies and they have to. Apple execs would be prohibited from ever revealing this to the public or face criminal charges.


Perhaps you’re a person of interest more so than others, I’m not too sure, but your MDM here is very obvious. Hopefully you can attempt to have it “removed” or at least the hard core restrictions.


I hate to break it to you but this is the way things are now due to Mass Surveillance. I don’t like it either but we simply don’t have a choice.

Nov 3, 2023 3:22 PM in response to AgentDragonfly

Looks like my original post was deleted? Idk I’ve never actually posted anything on here before but good thing I saved it before I posted it…


After spending the last year or two Google searching anything that seemed fishy in my analytics logs, I’ve finally, finally and finally! Stumbled upon the most solid and concrete description of what’s been happening to me over the past two years with my devices. What a breath of fresh freakin air.


The process I searched for that brought this thread up was “AppleH13CamIn” found in an analytics log labeled “Stacks-2023-10-18.” 


It is 100% the MDM and what one reply here mentioned as the “Invisible Beta.” Though not so invisible now that I realized they were unable to hide the “Feedback” app in the “Per-app settings” found at the bottom of the accessibility setting. The “feedback” app is usually only available to devices registered to the beta iOS program.  100% using Xcode as their method of hacking. 


From what I gathered, there has to be some sort of hardware issue (either methodically or accidental) that is powering a BT process that keeps this intrusion alive. 


One thing i noticed too is, the Rokus on my network were being converted and used as a WiFi 4 protocol hotspot that was acting as a sort of evil twin router and fooling my device into connecting. I live at home and my mom still has an iPhone 6+ that hasn’t been updated since iOS 11? That she refuses to update so I’m practically SOL. 


Someone asked about what the “trial rollout” is; well, here you go:


stateDbVersion":3,"trialExperiments":"0","trialRollouts":"2","version":"2.4"}


activeTreatments":"100:210304_control,101:210415_control,102:210304_control,103:210304_control,105:210304_control,106:210304_control,107:210304_control,104:210304_control,108:210601_control,109:20419_control","


Count":3,"bug_type":"225","reason":"rejected-config"},"name":"LogRetirement","


Logs are consistently labeled as rejected. Someone mentioned Skywalker is an actual keylogger? I’m seeing Skywalker doorbell logs and an unidentified haptic device connected as a home accessory. I don’t even use Apple Home.


Logs also detail - HMDRemoveAccessoryPairingLogEvent


There are daily multiple “Hardware data resets” and initial unlocks “after boot” while charging. 


They must be utilizing some sort of stingray to mimic LTE connection. 


This is literally an intrusion from every direction. An intrusion that my neighbors are in on (phone was stolen off my driveway in a nice neighborhood at the end of a cul-de-sac not even 3 minutes after I left it there; I see 3 individuals walking away from my house that I’ve never seen before and no phone in sight).



One thing that helped was to create a physical VPN: Modem - bridged router - switch - 2nd router.


I think they also get in through the power lines. What a freakin mess this world is. So sad really. 



[Edited by Moderator] 


Nov 3, 2023 3:31 PM in response to AgentDragonfly

I can no longer hard reset my device


"os_version":"iPhone OS 17.1 (21B74)","bug_type":"115","timestamp":"2023-10-29 18:29:44.00 -0700","name":"Reset count","roots_installed":0,"incident_id":"4B3A5FFD-BAA0-4EEE-87FB-A1D72D079C69"}

Incident Identifier: 4B3A5FFD-BAA0-4EEE-87FB-A1D72D079C69

CrashReporter Key: 775e3868796172cdd4d7cb3a41ddc37822cbd28e

Date: 2023-10-29 18:29:44.21 -0700

Reset count: 0

Boot failure count: 1

Boot faults: rst btn_rst,btn_seq_reset timeout,dblclick_timeout

Boot stage: 0x40

Boot app: 2681261667

socId: 8110

socRevision: 11



The low battery log shows keep-alive processes that run after it “dies”:



Date: 2023-10-31 22:38:40.304 -0700

OS Version: iPhone OS 17.1 (21B74)


SpringBoard: BacklightServices.backlightActiveOn SystemIsActive == 255, held for 00:44:53

runningboardd: osservice<com.apple.SpringBoard>32-33-136672:FBSystemApp-PreventIdleSleep SystemIsActive == 255, held for 00:44:53


Foreground Applications: com.apple.Preferences

Screen Brightness: 0.218507

Hardware Model: D64AP

Awake Time: 09:49:17 (35356)

Standby Time: 12:04:02 (43441)

Partial Charge: 1

Capacity: 1

Voltage: 3192 mV

Voltage Droop Time: 0

Voltage Droop Transitions: 0

CPMS has keys:
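As an added example (not code from the thread or from Apple), here is a small Python helper that parses iOS analytics (.ips) excerpts of the shape pasted in the last two posts, a one-line JSON header followed by "Key: value" lines, and counts reports per name and day, so one alarming-looking file can be compared against how often that report type actually appears over time. The sample inputs are constructed from the excerpts above (the header's cut-off leading brace is restored); the low-battery body is assumed to have no header because the post shows none.

```python
"""Triage helper for iOS analytics (.ips) excerpts.

An .ips report is a one-line JSON header (bug_type, name, timestamp, ...)
followed by a body; for "Reset count" and low-battery reports the body is
"Key: value" lines. Parse both parts and summarize many reports by report
name and day, so frequency over time can be judged instead of a single file.
"""
import json
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample modeled on the "Reset count" excerpt in the thread; the
# header's leading "{" was cut off in the post and is restored here.
RESET_REPORT = (
    '{"os_version":"iPhone OS 17.1 (21B74)","bug_type":"115",'
    '"timestamp":"2023-10-29 18:29:44.00 -0700","name":"Reset count",'
    '"roots_installed":0,"incident_id":"4B3A5FFD-BAA0-4EEE-87FB-A1D72D079C69"}\n'
    "Incident Identifier: 4B3A5FFD-BAA0-4EEE-87FB-A1D72D079C69\n"
    "CrashReporter Key: 775e3868796172cdd4d7cb3a41ddc37822cbd28e\n"
    "Date: 2023-10-29 18:29:44.21 -0700\n"
    "Reset count: 0\n"
    "Boot failure count: 1\n"
    "Boot faults: rst btn_rst,btn_seq_reset timeout,dblclick_timeout\n"
    "Boot stage: 0x40\n"
    "Boot app: 2681261667\n"
    "socId: 8110\n"
    "socRevision: 11\n"
)

# Constructed body-only sample modeled on the low-battery excerpt (the post
# shows no header line, so none is assumed here).
LOW_BATTERY_BODY = (
    "Date: 2023-10-31 22:38:40.304 -0700\n"
    "OS Version: iPhone OS 17.1 (21B74)\n"
    "SpringBoard: BacklightServices.backlightActiveOn SystemIsActive == 255, held for 00:44:53\n"
    "runningboardd: osservice<com.apple.SpringBoard>32-33-136672:FBSystemApp-PreventIdleSleep SystemIsActive == 255, held for 00:44:53\n"
    "Foreground Applications: com.apple.Preferences\n"
    "Voltage: 3192 mV\n"
    "CPMS has keys:\n"
)

# Split on the FIRST colon only: values such as the runningboardd line
# contain further colons that belong to the value.
KV_LINE = re.compile(r"^([^:]+):\s*(.*)$")
HELD_FOR = re.compile(r"held for (\d{2}):(\d{2}):(\d{2})")


def parse_ips(text):
    """Return (header, fields). header is {} when no JSON first line exists."""
    lines = text.splitlines()
    header = {}
    if lines and lines[0].startswith("{"):
        header = json.loads(lines[0])
        lines = lines[1:]
    fields = {}
    for line in lines:
        m = KV_LINE.match(line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return header, fields


def report_time(header, fields):
    """Timestamp from the header, falling back to the body's Date line."""
    stamp = header.get("timestamp") or fields.get("Date")
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S.%f %z") if stamp else None


def held_assertions(fields):
    """Wake-lock holders and durations in seconds from 'held for HH:MM:SS'."""
    out = []
    for key, value in fields.items():
        m = HELD_FOR.search(value)
        if m:
            h, mnt, s = (int(x) for x in m.groups())
            out.append((key, h * 3600 + mnt * 60 + s))
    return out


def summarize(reports):
    """Count reports per (name, day) and collect any Boot faults per name."""
    counts = Counter()
    faults = defaultdict(list)
    for text in reports:
        header, fields = parse_ips(text)
        name = header.get("name", "unknown")
        when = report_time(header, fields)
        day = when.date().isoformat() if when else "unknown"
        counts[(name, day)] += 1
        if fields.get("Boot faults"):
            faults[name].append(fields["Boot faults"])
    return counts, dict(faults)
```

Point it at every .ips file exported from Settings > Privacy & Security > Analytics & Improvements > Analytics Data and a report that appears once a month reads very differently from one that appears ten times a day.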

This thread has been closed by the system or the community team.
