MDM on personal iPhone - Businesses, unauthorized developer activity HELP!

I am a personal 'User'. I have cycled through many hours and days with support. No one knows what is going on. Most likely because I am never able to speak with someone that understands the Enterprise platform. I feel this is happening via my carrier, but Fraud sent me to Tech support. Tech support told me my phone is hacked and to file a police report.

In combination I suspect that MDM is a gateway for an external developer to access my phone via various methods: webkit, Xcode, Apple Store Connect, SDK

I am about 99.99% sure I know why, but that is something that I will not disclose because most likely all of my activity is monitored; despite the very strict privacy settings I try to maintain.


Symptoms:

  1. My apps will sometimes tell me they did not come from the App Store (Maps, FindMyiPhone, etc.)
  2. When I make an attempt to chat with Apple support I receive a message to Use Messages to Connect with Business. When I have my iPhone in LOCKDOWN mode I receive a message that I cannot use Messages for Business when my device is locked down.
  3. I only have one device. However, I am sharing across devices- many times or I have the option to. The choice is not grayed out.
  4. I am unable to perform an Emergency Reset because I am usually sharing something - Notes, Home, Health, Books....
  5. I do not use iCloud Drive due to multiple security concerns. Almost every time that I double check those settings apps show that they are using iCloud Drive. (Game Center, Health or Fitness, Notes, Books, Apple Support, Wallet) While clicking to turn OFF syncing I have had a battle with it changing right back before my eyes. (I have screen recordings)
  6. Game Center will come on even though I have strict Screen Time settings.
  7. I am generally either sharing, or my phone is gathering data from Health; even though that privacy option is supposed to keep that from happening.
  8. Sometimes I am unable to even sign out of my phone due to 'restrictions'.
  9. I have 'Share with Family' sometimes

*Those are only a few symptoms. That is minus the horror I see from the extraction of information I backed up into Kali Linux

As I have mentioned I have spent many many many hours with Support. One Senior Director did spend time Googling the services that show up in my Analytics. I have even uploaded screen shots and documents, but I never heard back.

I REALLY REALLY need help here.

I will add attachments. They won't be nearly the amount I have. I am begging!!!



iPhone 13, iOS 16

Posted on Apr 2, 2023 2:32 PM


Jul 27, 2023 7:22 AM in response to AgentDragonfly

According to my sources, there is apparently a glitch in the forum software that is sending out notifications from the original post whenever you post in a thread. So, no, AgentDragonfly has not posted since April but you may be getting notifications that they have. The issue has been brought to the attention of the appropriate authorities.

Jul 31, 2023 4:17 PM in response to AgentDragonfly

Well, now I’ve been blocked from the reply button! This is another common symptom with other sites as well. But for now, your name pops up requesting help, so I can respond. Could you please respond to the post by “FunnyHoneyBunny”? It sounds like someone who has access to her network has been compromising her iPhone. In her case (or anyone really) a new phone won’t help if it’s MDM due to the geofencing. Also, any device inside the network is trusted by default, even IoT that don’t have passwords! All the culprit needs initially is the PIN to compromise the device, then make a full copy in a couple of minutes. Saved passwords, unencrypted is bad as well. Many apps designed for companies can monitor almost all activity. Downloaded apps “shared” as “family” in the same network is also a method used to install (hidden) apps. I hate to see the struggles of so many. At the same time, I don’t have to hear “that’s impossible”, YES, it is very possible! I wonder if there could be a rogue MDM on the dark web? My Windows computers are destroyed, so I can’t look on my iPhone. My situation is getting worse, including home break-ins, theft (more very personal items than items of value), some things I dare not say! I also live alone like “FunnyHoneyBunny”, but who then is on her network? If it’s not an MDM, I would think a reformat would take care of it, along with resetting passwords and whitelisting devices on the router? She does not want to back up to the iCloud. That is not required. She could back up addresses and photos first, then reformat the device but choose not to back up apps. Purchased apps could be restored! Now, let me see if I can post. This site is very helpful for me as well, so I hate the “reply” button no longer works (unless I go to another computer on another network). I really wish Apple would help with this issue, so many ppl have tried so many things, like me, reformatting, new devices, changing IDs, anything!
But the MDM uses the serial number, so doing the things I’ve done does not help. The geofencing adds new devices. And to anyone, I gather the Mac computer (which I don’t own) is required to administer the MDM, but what/how is the geo fence set if you remove all devices if no serial number to connect with?



Aug 3, 2023 3:17 PM in response to GSS_544

I’ve seen much of the same activity. I had 87 scripts listed under “shortcuts” using JavaScript. There is an app in the store that enables or provides these various coding methods (not the library). That was downloaded and hidden on my device. Same here with “options” cut off, no web tool bar, no email headers…unless you go to a public computer, then you can see much otherwise hidden info, in my case, for email and other accounts.


Be careful if you look at scripts not to execute, a simple single word may be associated with dangerous code that is apparently stored in the cloud, not iCloud, but other installed cloud services. Mine has a “managed hotspot” that resolves to Apple. According to MDM documentation, you have the option of getting a managed hotspot with the MDM. It uses this Wi-Fi connection, then can connect up to 8 devices with Bluetooth provided they are within range. And, it or other hidden downloaded apps are capable of impacting every operating system I’ve seen, Windows (an MDM wildcard search will show MDM files). Keep in mind that MS Office uses it, but I’ve seen nothing that indicates this MDM is dangerous. I have an inexpensive Wi-Fi detector that will pick up the signal when it’s on, and it’s always on lately. It has been coming more into the “light” lately as a dangerous app if in the wrong hands. I was actually told who had 2 missing devices, and which accounts were installed on them!


It is likely the person you suspect, and it’s so easy to make a full copy of your device if someone shoulder surfs your PIN and has access to your device for a few minutes! This person wants me to know it’s them, based on some info that appears on my device, like their name! This past week I had two more apps installed (they showed under the App Store as purchased, then disappeared). You can search on Apple on how to see hidden purchases, but many don’t show up. Several are free, provided you agree to allow access to all data. My hacker even did a Siri Search to find my posts. Continued…

Aug 3, 2023 4:04 PM in response to T3ddy19

Ok, I was incorrect about the Wi-Fi and serial number being the same as a user pointed out. But the MDM uses the serial number and a beacon to find your device, and it scans your network using “geofencing” to detect any new devices. I’ve heard all the “impossible” comments as well, they have no clue! I’ve had my devices reformatted and bought new ones (new everything at one point), but since someone had one of my devices (now two since earlier last month) and was apparently using a Mac computer (required) to remotely install the MDM on my new devices, it didn’t help. And, it’s a free app. But there are other “entities” looking at the dangers of this program if in the wrong hands. You have to search a bit, but it’s out there. I’ve also seen GitHub and Python, along with many new scripts under shortcuts and programs; the programs always get hidden after installation. I’ve wondered if there could be a tool or method to compromise the MDM on the dark web? I’d been in Information Security for about 30 years (CISSP, CISA, CISM) in one form or another, but I’ve never seen anything that compromises so quickly (3-5 minutes). If I still had the same job and title, I’m sure I’d be able to get it removed. But due to unfortunate ongoing surgeries, I’m no longer in security.


Mine sends out fake emails as well, and automatically deletes needed ones. I likely mentioned this already, but go to a public network, your email account, and view source. I was surprised to see settings that created a fake page (JavaScript) and hide auto deletions and hidden folders. My banking page is also fake. I read on Apple documentation (I think that was the source), that the MDM does not use Safari, but instead it uses web clips to show pages. This allows considerable actions and views, like view source, tool bars, headers.


You mentioned FaceTime, FaceTime was used to contact Apple for over an hour using my phone number. Apple won’t accept FaceTime. So it was not actually FaceTime, but actually a “feature” under accessibility options that permits you to enter another phone number and impersonate the victim. There is usually a history, if not deleted. But check the numbers used if the access looks like a phone call. It also allows incoming calls, but they disable my phones when using this method. It seems like I saw something about beta somewhere, but don’t recall exactly where I saw it.


I have learned there is a history available that can tell you the location of access, although I’m not certain if it’s because they had my stolen devices? A subpoena would be needed. I did see an error in one log that was 313 (I think) and said something like “another person is using your ID or device”. There is so much.


A family member’s account was also recently put on the most recently taken iPad. Idk how they did that, unless it was from being at my house?


How did you discover your logins were going through APIs like GitHub, Google and so on? Is that info on a Mac computer?


BTW, you mentioned a web site, if you have a web site and company email, you could enroll in the MDM. I’d guess it would not overwrite the current one, but it’s free. You could buy a cheap device, keeping everything offsite with no iPhone, then install the MDM on it.


BTW, check out LinkedIn and search on MDM with keywords malicious and such. There is more out there. This is not impossible and you are not going insane, unless from the constant bother. Also, check out .gov, MDM, parental, more interesting things.

Aug 5, 2023 5:56 PM in response to JMurphyCO

What a great job you have done in finding all these things! I’ve made some errors when I’ve attempted to respond to ppl, then I get the “junk yard pit bulls” come after me, or the preferred polite responses, some say “impossible!” about error (some are not errors) unless this has happened to you, then one can’t understand the impact. Can you say what you have used (device wise) to detect these things? My devices get compromised as soon as I turn them on (in my house). I also found a “managed hot spot” which I can’t delete. My signal detector goes off if I type or look at anything. I disconnected my Wi-Fi completely. Then the hotspot appeared, it may have been there before, which would bypass firewall rules, it connects to Bluetooth (up to 8 devices can connect to Bluetooth), and it spreads. When Wi-Fi is on, the IP of the “managed” Wi-Fi appears. My carrier insists there is no Wi-Fi hotspot since I’m not signed up for one, I attempted to install one, and it would not permit, without paying more. As far as the CMD, ssh, sftp and more, well, there is an app for that. Go to shortcuts, add one, clear the bottom section, type in ssh, and see if something appears! I have several of the same issues as you, but I’ve not been able to detect them as devices are disabled or destroyed. It started following a missing iPad, mostly iPad exploits (hidden apps, system settings changes and so on, you know the drill). Then escalated to home alarm hack, home B&E, vandalism, fraud, identity theft and more.


Don’t second guess your sanity, but I understand completely. Many ppl have experienced the same thing. Now, I can’t download the most recent update! Maybe it has something that will help? Have you made any progress? It seems like new devices, or old ones that I’ve not used get compromised within minutes (others have said the same). I’ve seen the MDM (aka Apple Configurator) downloaded, but wonder if it could be a rogue MDM? Perhaps from the Dark Web? It is so technically complex! I’ve been in Security (one form or another including Global IT Security Manager) for about 30 years. I’ve never seen anything with so many facets, not even the APTs. Have you looked for NFC? I have a couple in my home, along with other planted devices. There are detectors out there, although the cheapest one would not pick up an NFC, my Wi-Fi also goes off when I’m driving. Also, check out LinkedIn and there is some info there. I really wish Apple would help!

Aug 5, 2023 9:02 PM in response to AgentDragonfly

So what is it? I mean is it a person behind it all. I am not that computer literate but I knew something was definitely wrong a few months back. I just recently got back into my Apple ID now I'm locked out of Gmail, Yahoo and Outlook. It has gotten my iPhone SE, 2 iPads and a laptop. I noticed just yesterday I was supposed to get a call back from Apple support and the number was actually blocked in my phone. Now I have to wonder if I spoke to a real Apple representative to start with when they called before or not. I need to get back into my accounts soon... I don't know what to do next... I am totally at a loss. It was my late husband who knew computers not me. I have issues with Personal Hotspot... actually everything I have heard on here tonight I have the same or similar issue.

Aug 6, 2023 6:07 AM in response to Community User

Same same Same here. EXCEPT: I am NOT an employee yet constantly have indicators or error messages for my administrator! The suspect had been already into my devices to track and monitor me (for 0 reason other than he was reflecting). 3 years. Right down to the printer. Police called me delusional but I’m not giving up.

My question is this... what do you do when your Apple account’s been taken over and the device it’s linked to remotely reset to iTunes by itself overnight?

Have I really lost all my pics of my babes growing up and personal information? The account is still active but I can’t get the 2FA. The login info has been changed about three times. Twice to emails and numbers I had never seen or used. Now when I try to recover it, it’s back to the original login but can’t get the 2FA pin to change password. When I call support they can’t give me info as the account isn’t in my name?! 😢

Right now 2FA is the devil when a phone’s been cloned or SIM swapped or hacked via your internet provider router, that had a reset secure password. Infected phone infected the router and the printer I’m thinking. Still no police will investigate my evidence, which is very incriminating for this horrible person who’s made me part of their business to stalk me after leaving the marriage. How do I get support through Apple business when I’m technically not associated with a school or business account?? I’ve been trying everything but I don’t know the domain name. And Apple support sees me as a regular customer. Help!

Aug 6, 2023 12:50 PM in response to T3ddy19

But from what I’ve been able to understand, the MDM is only a tool to monitor devices and platforms. It doesn’t install the hack. And deleting it alone will not free your tech.


Also, new tech brought within range of infected devices does not have to be setup and running to be infected as well, just near enough. Many of us have kept our old tech for whatever reason and that’s why anything new is almost instantly hacked.


And once you’re hacked anything is possible. After 9 years and 9 phones being rendered useless I’m starting to learn a few things. Heck, I don’t even have dial-up or internet at home or even a computer. But, I saved old “bricked” phones because I wouldn’t be able to get pictures or videos off of them. Everything has to go.


Also, nobody understands what it’s like to be hacked until it happens to them. With every kind of privacy invaded and your security of having a phone is taken away, any of your contacts with emails that you are around with infected devices can also be attacked and hacked.


Cybercrime, whether it’s an ongoing, malicious and personal attack or if it’s a swipe and go hack aimed at credit and banking info, even data ransom heists, are all knowingly not dealt, investigated or charged according to supposed new laws.


Ignoring and downplaying these horrible attacks is the same as banks and credit card companies writing off accounts being hacked. The hackers and open source, developer, enterprise software and apps are winning. Big Tech and hackers have every reason to get bigger and better because there’s no accountability or adverse actions taken against them.


For most of us legitimate tech users there is denial, blame and little to no information. Reset and change passwords all day, cry a little and even doubt our own sanity but what we all end up doing is buying more tech that immediately gets infected. And repeat. Big Tech wins on both ends and we keep paying for it.


TraceAble

Aug 9, 2023 3:00 PM in response to bct1

Did you have any luck with the sheriff’s department? I’m not always 100% correct, but trying to help others and get help. I’ve found a MANAGED Wi-Fi hotspot that resolves to Apple based on IP, it seems to be running most of the time, but in particular when I do anything. I don’t have (or should say I never purchased) a hotspot! Since it’s managed, I can’t delete it! Several other things pop up and say “you can’t do this on a managed device”. I read on Apple that the hotspot is an additional “feature” of the MDM. Also, per MDM Apple documentation, some options and things I’ve experienced are hidden headers and footers on Web Sites and email (you can’t see the actual sender of the email). Apparently, the MDM uses “web clips” to filter and prevent seeing this data. Try going to a public computer, sign into your email, then “view source”. Mine was redirected to a created page that appears to use JavaScript. Many features were hidden, like deletes of password resets to Apple and other accounts. Lots of hidden apps are downloaded, remote access, now more, about 4, 2 banking apps, one screen recorder and print screen capture, one complete control of your network and everything on it, many more apps. I was in IT Security for a long time, I’ve never seen anything like this before.


I had someone install an MDM before while I was in the hospital, I found the vendor name using a Windows device, it was removed right away. But not this time. The MDM link even includes a “HIDE” option. Since it includes a Wi-Fi hotspot, firewall rules are bypassed. AT&T had an attack a while back where employees were installing “hotspots” on victims. I’ll see if I can find that article, can’t put links on here, but can provide search terms.


Based on what I’ve experienced and read, it’s likely someone you know, they only need your PIN and hands on for a few minutes. Once it’s on one device, it can be remotely installed to almost everything, all computer types, certain TVs and much more. I’ve attached 3 pics. So what to do? The only thing I can think of is to get a new device and install a similar MDM before you bring it home. I’ve not tried this yet, so I’d try it with something new. It gets on Android as well, so that won’t help. Or, get a subpoena and see if you can get a restraining order. Be careful when asking for data to make sure you get all recent connections to your network, device name, serial number, user name and Apple ID. I really wish Apple would help. I’ve read the Sheriff’s Dept can issue a subpoena, but that’s based on state. I’m not 100% certain if it has to come from an attorney? I’d really rather not have to hire an attorney. I have 2 missing Apple devices, I know who had them, but they also use a Mac to go into the iCloud and download and share apps. They also use Family Sharing and Bluetooth. They connect via hotspot, then can connect up to 8 devices using Bluetooth. They also use the clipboard to collect data (under shortcuts and using scripts, mostly JavaScripts but other as well). Even when Wi-Fi shows as off on the first page, it’s still on. Once data is collected, I’ve seen it texted or emailed (using my address!), also under shortcuts and scripts. Anything I’ve tried to cut off Bluetooth or Wi-Fi hotspot works for a little while, then turns back on again. I have a Wi-Fi detector, but just keep it off most of the time due to constant beeping indicating Wi-Fi! The battery runs down quickly, and the cell signal drops from 4 bars to 2 bars. At one point, there were 87 scripts on my phone. I don’t have data on here, no fascinating life, and it keeps escalating. IC3 (gov) is very interested in this topic. I’ve yet to report the suspect, hoping they will stop, but it just gets worse.



Aug 9, 2023 3:06 PM in response to -Hey-You13-

MDM is the starting point of the hack, it takes complete control of devices within the geofenced area, for me; downloads hidden apps and hides them, screen recorders, remote access, banking apps, spyware, and much more. Replaces web sites with fake ones, collects data, often sent to another cloud service. Runs malicious JavaScripts and other programming tools under “shortcuts”, hides headers on web pages and hides email headers as it impersonates your email account.

Aug 9, 2023 3:25 PM in response to Inrecoverymode

The MDM (or mine anyway) installs a MANAGED Wi-Fi hotspot. That will override your hotspot. I was glad to see these postings, as I’d never seen anything like this before. I had an MDM installed on my Windows PC on another hospital visit. Found vendor name, called them, they removed it right away. But it was not as destructive as this one. How horrible someone is doing this to you after you lost your husband! But he could not fix it either. It would have to be removed by installer (likely someone you know) or Apple. And Apple won’t support this Apple developed app! Reformatting, buying new devices, useless. It gets on everything, Windows, Android, Google, router and more. What it can’t do, it downloads another hidden app to do. I’m trying to collect everything to remove from my home, but I can’t tell what “everything” includes. I also read it can be set to prevent scanning apps for Bluetooth, Wi-Fi and such. You have to buy another device for that (with no Wi-Fi). The State Department of Justice and FBI is interested, send info to IC3 (dot gov).


The first install has to be hands on, after that, all can be done remotely. So, if someone knows your PIN, it only takes minutes. It’s likely someone you trusted very much. And, many of the key-loggers that are often used (found one on mine) often contain more malware.

Aug 9, 2023 3:38 PM in response to Inrecoverymode

Good finds! Most if not all people with this hack are users with personal devices. My routers (4 personal, 2 from ISP) were taken over. At first, I’d disconnected my internet completely to try to reset the router, but they were getting in anyway. I discovered a “MANAGED” Wi-Fi hotspot with an IP that resolves to Apple. I went through the same thing after a device went missing while I was in the hospital. And it’s hard to prove all the hidden apps! Many are free, so you can’t cancel them. I’d suggest making copies of others’ issues for the police. I frequently get warnings as well, saying things like “I can’t use messenger when under business management”. They use the Wi-Fi hotspot and Bluetooth to spread to anything in “geofenced” area. Read Apple documentation about what this app does! It can hide almost everything. This seems somewhat new, at least to such a degree of destruction. The police are not technical and even some of those that are technical claim it’s impossible. But reading documentation and compare user notes, your notes, and Apple MDM documentation it is obviously very possible. Too bad that people we trust the most would do such things. What does not work: changing password, reformatting, buying new devices, creating a new Apple ID. Good luck!


Oh, IC3 (dot gov) is interested!
