MDM on personal iPhone - Businesses, unauthorized developer activity HELP!

I am a personal 'User'. I have cycled through many hours and days with support. No one knows what is going on, most likely because I am never able to speak with someone that understands the Enterprise platform. I feel this is happening via my carrier, but Fraud sent me to Tech Support. Tech Support told me my phone is hacked and to file a police report.

In combination I suspect that MDM is a gateway for an external developer to access my phone via various methods: webkit, Xcode, Apple Store Connect, SDK

I am about 99.99% sure I know why, but that is something that I will not disclose because most likely all of my activity is monitored; despite the very strict privacy settings I try to maintain.


Symptoms:

  1. My apps will sometimes tell me they did not come from the App Store (Maps, Find My iPhone, etc.).
  2. When I make an attempt to chat with Apple support I receive a message to Use Messages to Connect with Business. When I have my iPhone in LOCKDOWN mode I receive a message that I cannot use Messages for Business when my device is locked down.
  3. I only have one device. However, I am sharing across devices many times, or I have the option to. The choice is not grayed out.
  4. I am unable to perform an Emergency Reset because I am usually sharing something - Notes, Home, Health, Books....
  5. I do not use iCloud Drive due to multiple security concerns. Almost every time that I double check those settings, apps show that they are using iCloud Drive (Game Center, Health or Fitness, Notes, Books, Apple Support, Wallet). While clicking to turn OFF syncing I have had a battle with it changing right back before my eyes. (I have screen recordings.)
  6. Game Center will come on even though I have strict Screen Time settings.
  7. I am generally either sharing, or my phone is gathering data from Health; even though that privacy option is supposed to keep that from happening.
  8. Sometimes I am unable to even sign out of my phone due to 'restrictions'.
  9. I have 'Share with Family' sometimes.

*Those are only a few symptoms. That is minus the horror I see from the extraction of information I backed up into Kali Linux.

As I have mentioned, I have spent many many many hours with Support. One Senior Director did spend time Googling the services that show up in my Analytics. I have even uploaded screenshots and documents, but I never heard back.

I REALLY REALLY need help here.

I will add attachments. They won't be nearly the amount I have. I am begging!!!



iPhone 13, iOS 16

Posted on Apr 2, 2023 2:32 PM

82 replies

Jul 4, 2023 4:06 AM in response to AgentDragonfly

Been experiencing the same since Jan 2023. But it’s from a private source, not business. I’m pretty sure I know who it is. It’s crazy to see so many replies of others dealing with this too. It’s such an invasion of privacy! My hacker started out using the Home app and Bluetooth devices to listen and record my conversations, Control Center to enable AssistiveTouch and control my device, wiped out my entire photo library and all of my contacts, changed my settings. Then as they got sharper they migrated to coding and scripts using GitHub, Xcode, and all Developer Forums on all platforms now that they put them out for anyone to join. I’ve learned A LOT about technology and apps trying to stop this source from accessing my iPhone. They are also proficient on both Apple and Android, so getting a new phone did nothing. This is the 5th one I’ve had and I gave up. It’s still accessible no matter what. And it’s not detectable because it’s being accessed from the inside (codes). I also see the scripts on my analytics reports. I’ve started to educate myself on coding now because I’m determined to figure this out and no one else seems to know that any of this is possible. When I’ve reached out for help, people think I’m crazy and paranoid. Little do they know it’s very real and absolutely possible these days. Good luck! I’ll let you know if I come across any solution or help with this problem.


Some observations: In Settings > Accessibility, go through all of those options for voice access, touch, etc. I’m sure you will see certain options turned on. In Settings > Safari, at the bottom there’s a setting for Advanced; make sure Web Inspector and Remote Automation are turned off. Click on Experimental Features and turn them all off. Everything that is accessed by a “developer” has an “Advanced” setting or option. My source has even joined Meta Developers and coded their FB. I’m setting up shortcuts to alert me when a Bluetooth device tries to connect or they auto-join me on a compromised/strange Wi-Fi connection. That’s some of what I’ve figured out so far.

Jul 6, 2023 3:12 AM in response to GSS_544

@GSS_544


Oh man, I could have written your post. Do you have nearby Wi-Fi that isn’t yours? I suspect they’ve modified the router firmware and added them; I believe it’s possible. That, or there is a 4G Wi-Fi gadget hidden somewhere! *grin


They’ve also got onto my website server. It’s a shame because it has really made me hate technology now. They send FaceTime and iMessages out despite them not being active. My logs are full of new and modified daemons and processes which are obviously not legit.


A lot of the scripts like you mention are from GitHub and developer betas and SDKs. Even my iOS SpringBoard is a beta version :(


The presence of beta identifier strings in logs and trial experiments is a sure sign you’ve been hit. I have found various evidence that suggests it’s been going on since at least 2019. They’ve really honed their hack. The majority of my logins now route through APIs (Google, Twitter, GitHub etc). Tonight they locked me out of the account I use to post what I find on Blogger.


Lockdown is a joke, they still somehow are getting iMessages in and out on macOS and I have it off and don’t use it. My iPads have had it on since new and it’s running scripts.


Apologies for the rant, I’m just so over it but there is no escape. Aside from my sanity, they’ve stolen the fun that technology can be.

Jul 11, 2023 2:01 PM in response to gravityfed

Yes, I do have a hidden hotspot! I found 3 or 4 with very active Wi-Fi signal: one an older hotspot reactivated, another an older version of a smart light bulb (it almost looked home made, not like the ones I’ve seen today that are flat and round on the inside of a bulb). And my doorbell was converted to a Wi-Fi hotspot (it does not require Wi-Fi to work!).


Most of the “tools” used have been native apps, like accessibility apps and a switch that permits 2-way communications (it can both make calls and receive PINs or authentication codes using my number!). Imagine what that does for banking and such!


Many “hidden” apps have been downloaded. Most say for corps or companies only: a completely hidden MDM that does not show under VPN, 2 banking apps, 2 email manipulation/deletion apps (they are for organizing email) but used to delete info on password resets or security vendor info, and one app that includes a screen recorder and grabs text from whatever you look at. It shows symbols when it’s used, a random eyeball, and another symbol that looks like a screen or window with bars. If you click on it, text is selected. I logged into that app, but had no options; it created a 45 minute screen recording, then sent an email to me and the vendor (who knows who else).


Fake emails created from shortcuts/scripts; also, it uses SSH remote access. Most of the actual coding is stored in the cloud, so you can’t see the full script (JavaScript). Turning it off makes no difference. Also, I went to another computer and found my email was going to another fake site. The name was the same, but it removed a lot of activity that was going on: hidden email, auto deletion of mail, no ability to view source of emails.


Most web sites are redirected the same way as email, yesterday, it was my banking site!


Before, you could not ssh on Apple, but now “there’s an app for that”.


One thing that is required for the MDM is “web clips”. According to Apple, you go through web clips for internet, not safari! You can’t uninstall it. When I attempted to download the MDM on a device, it said “contact your administrator, you don’t have permissions”. And it was the only app I’ve ever seen that came with a “hide” button on download.


The MDM uses the serial number, which is also the Wi-Fi address, so no matter what you do, they can find you. It also scans your network for any new devices of any kind.


Bluetooth is also used in many instances (idk if MDM related or not), but Bluetooth can connect to 8 devices at once. So anything especially IoT can (and did) get compromised. Alarm system, streaming video devices, certain TV sets, headsets, some remote controls, almost all TV sound bars. I’ve read these must be isolated in the guest network. Any device in your network is trusted by default, leaving you wide open.


Reformatting, new devices, renaming, changing user name, all does nothing. It also “broadcasts”, leaving you open to more hackers! And Android can get bricked immediately. I’m thinking the hackers must have compromised the MDM; I know it’s supposed to show up. But they had a huge attack with 13 million devices compromised around 2015, that came from using or looking at apps in the Apple Store, and JavaScript.


I keep hoping it will stop. In my case, it’s a local person, as they came into my home after compromising my well known alarm system. And, there is so much more.


Mine seemed to happen after I had an extended hospital stay.


I’ve learned you can’t get rid of it. I’ve bought new devices that are compromised before I get them out of the box!

Jul 11, 2023 2:02 PM in response to gravityfed

More to gravityfed:

I guess you must get rid of everything that could have Wi-Fi, Bluetooth or mobile access, possibly DECT, but not sure. Getting just new Apple devices won’t help. So, router, modem, printers, PC, Apple, any old devices, all light bulbs, connected cameras, TV sets if vulnerable, Wi-Fi headsets, much more. Other devices as well. Idk if putting “smart” devices in the guest network would help if already compromised. And keep in mind, if you configure your smart device using something that resides in your regular 2-5 GHz router, you just crossed over.


There are many things that I can’t remember how to do (if I ever knew), like securing remote access with 802.1X; people get in my network within minutes. Firewall rules get overwritten in seconds. It seems very extreme. I was in Info Security for many years, never saw anything like this. And, you need a corp email/domain to read white papers about security tools! I’ve looked at the referenced logs you mentioned (“The presence of beta identifier strings in logs”) but what does that mean? I’ve seen installations of things, some worked, some did not. But could you give me a sample of what I’d look for with “identifier strings”? I know that the shorter JavaScripts store most data in the cloud, but have no idea how to view what is actually being done, unless it’s standard Apple stuff. I know simple words can mean something very bad? Have you reported to IC3 dot org? They have a major issue with the MDM; search on that and Antitrust. I hope they lock this stuff down.

Jul 11, 2023 2:24 PM in response to AgentDragonfly

Same here, just posted a lengthy blog. It’s likely someone you know. Family Sharing is used to spread malicious apps across other devices with different names within the same network! I also see health data that is not mine, an indication of syncing data. Everything IS likely being monitored. Do you ever see an eyeball on certain web sites? A lot of apps are hidden as well. The use of web clips is a sign of an MDM; it uses web clips instead of Safari, which looks the same but with features removed. Please read my last 3 posts. Changing settings won’t help much, as like you said, they get turned right back on! Keep an eye on “shortcuts” but don’t execute them; some are dangerous. From what I’ve learned, you can’t remove this. I had an MDM before and the vendor removed it, but that was a different vendor. The previous posts provide some info to help. You likely will not like the answers I’ve found. I did not mention, but I read that iOS devices have a hidden Wi-Fi connection as well (it showed until an update, 13?), not certain. Request or look on Apple for hidden purchases. If you have a Windows PC, search on *mdm*.*, or %mdm%.% (I think the last one is right; that searches the root/system files, the first one was the rest of the files). You can’t get rid of it there. Read about Apple Configurator on the Apple site. Good luck!

Jul 11, 2023 2:31 PM in response to AgentDragonfly

You only own 1 device? No Windows or Android? Oh, it says Linux? Search on the file system for MDM. Those apps are likely fake! Search on 13 million iPhones compromised (2015?). It involved many fake apps. It’s likely someone you know with a Mac computer. I think the initial install must be done with physical access. You can’t get rid of it. But it also gets on everything!

Jul 12, 2023 7:41 PM in response to AgentDragonfly

I have been going through this type of situation for 2 years, 8 Apple IDs, 3 carriers,

3 brand new Apple devices and one Mac Pro, all infected the same way. I have tried everything; once I put my name and DOB in a device it’s a dead ringer. I cannot stop sharing with Notes or Home. But I’m sure if all the users with the same problem can get help, because as consumers we have rights.

Jul 14, 2023 3:18 PM in response to Daisy_Duke1

Pt 1

Daisy, I’m so sorry and I completely understand the **** you are going through. I’m a former Global IT Security Manager; it would seem like I could resolve it, but I can’t. I had someone install an MDM before to compromise my systems (Windows) but found the vendor name by doing a wildcard search, and the vendor removed it.


I wrote way too much, so I have to cut this down. 1) If you suspect someone, ask them. It’s someone that has a Mac and has had physical access. 2) It installs remotely on everything; reformatting will not help, machine “serial number” and Wi-Fi are the same. They can scan your network for anything new. Write a request to Apple Security (although it may never actually be sent). Tell them the suspect’s name if known. They won’t do anything to the person, but will watch them.

3) If they confirm the user, ask/tell them to uninstall. Here, it’s a class H felony to monitor another’s conversations, and it does a lot more than that.

4) get a subpoena, some states allow you to go before a judge, others may require an attorney. Be clear and concise. Don’t use words that a non IT person would not understand.


Apple collects absolutely everything, it all goes by serial number, no type of program can get around this feature. They know everywhere the device has been, who installed programs and have all data, installations, emails, pictures, cloud storage, deleted emails, password resets, everything!


5) After you submit the subpoena, you decide what to do from there: forgive? File charges? But most of all, ask for removal. As long as web clips are still found even after deletion, it’s still there.


Report the MDM to IC3.org! You will have to use another computer. Search the net for MDM, Antitrust, government. It’s a dangerous program to USA security!

I’m not an attorney; this is not legal advice.

Good Luck. And it gets on Windows as well.

Jul 19, 2023 8:52 PM in response to gravityfed

I’ve found several hidden devices. If it’s the hidden MDM, it does geofencing and scans your network for any new devices. It appears they can get into the network once the MDM is installed; it sends a beacon and it searches for serial numbers. Contact IC3.gov, as they (gov) are trying to get rid of the MDM due to security issues! Also, Apple keeps a record of all devices that access your devices, although you will likely need a subpoena. I’ve read a sheriff can issue one. You will need supporting documentation.
