
MDM on personal iPhone - Businesses, unauthorized developer activity HELP!

I am a personal 'User'. I have cycled through many hours and days with support. No one knows what is going on. Most likely because I am never able to speak with someone that understands the Enterprise platform. I feel this is happening via my carrier, but Fraud sent me to Tech support. Tech support told me my phone is hacked and to file a police report.

In combination I suspect that MDM is a gateway for an external developer to access my phone via various methods: webkit, Xcode, Apple Store Connect, SDK.

I am about 99.99% sure I know why, but that is something that I will not disclose because most likely all of my activity is monitored; despite the very strict privacy settings I try to maintain.


Symptoms:

  1. My apps will sometimes tell me they did not come from the App Store (Maps, FindMyiPhone, etc.)
  2. When I make an attempt to chat with Apple support I receive a message to Use Messages to Connect with Business. When I have my iPhone in LOCKDOWN mode I receive a message that I cannot use Messages for Business when my device is locked down.
  3. I only have one device. However, I am sharing across devices- many times or I have the option to. The choice is not grayed out.
  4. I am unable to perform an Emergency Reset because I am usually sharing something - Notes, Home, Health, Books....
  5. I do not use iCloud Drive due to multiple security concerns. Almost every time that I double check those settings apps show that they are using iCloud Drive. (Game Center, Health or Fitness, Notes, Books, Apple Support, Wallet) While clicking to turn OFF syncing I have had a battle with it changing right back before my eyes. (I have screen recordings)
  6. Game Center will come on even though I have strict Screen Time settings.
  7. I am generally either sharing, or my phone is gathering data from Health; even though that privacy option is supposed to keep that from happening.
  8. Sometimes I am unable to even sign out of my phone due to 'restrictions'.
  9. I have 'Share with Family' sometimes.

*Those are only a few symptoms. That is minus the horror I see from the extraction of information I backed up into Kali Linux.

As I have mentioned I have spent many many many hours with Support. One Senior Director did spend time Googling the services that show up in my Analytics. I have even uploaded screen shots and documents, but I never heard back.

I REALLY REALLY need help here.

I will add attachments. They won't be nearly the amount I have. I am begging!!!



iPhone 13, iOS 16

Posted on Apr 2, 2023 2:32 PM

Question marked as Top-ranking reply

Posted on Apr 3, 2023 6:45 AM

Sadly, there doesn't seem to be any help and the ones that will respond, will tell you you are either crazy or you can't be hacked unless you gave your device to someone.


For what it is worth, I have been dealing with this and here is what I have learned: you need to delete your old Apple IDs and confirm that they are deleted. You may not be logged in to any (neither was I) but it has something programmed into the IOKIT boot so you cannot reset the NVRAM properly, leaving Find My process to look as if the activation lock is on.


Make appointments for each Apple product to have a firmware/software update through DFU mode and make sure it is DFU because a factory restore will not remove the cache that is lingering in the files. This should all be done at the same time otherwise it will talk to the other device and reestablish itself.


The factory reset you are doing doesn't work because it does not empty the trash and it seemingly blocks any terminal command to do so as well.


Before you boot up your computer(s) & phone(s) delete and confirm you have deleted all of your previous Apple IDs. Write down the code it provided to delete the ID because chances are you will have to call to confirm its deletion.


If you have a Google ID, check to see if you are enrolled in any trial based Workspace or Firebase programs. Workspace allows device control as well.


I have changed our TVs and printers but it still seems to latch on to any printer so now we do not print. Debilitating to say the least.


I believe that there are enough of us out there to confirm that this problem exists but Apple will not respond until they have fixed it. I know it sucks. Two factor everything and I wouldn't suggest any external USB or Thunderbolt security keys.


I also would not suggest any products other than Apple. That will only make your situation worse, even the keyboards because it will load a generic driver onto your device. Only use Apple wires as well. I am definitely not an Apple advocate, only sharing what I have come to accept and learn.


You may have to go line by line in settings on your iPhone to turn off everything that you do not use and if there is an arrow on it, click to make sure there is not an opportunity to bypass your defaults. The Mac computer is the same and there are probably about 100 Plists that will try to alter your default settings so do not take anything for granted until you have clicked through it all. Plists are just preferences and Apple will tell you that it does not mean that they are being used. That is absolutely correct but the Plists I have seen start with NVRAM and a fmm (find my mac activation) which is a huge problem.


For whatever reason it uses NFC and MDM BUT MDM does get removed later on during the process. It keeps respawning. So it isn't necessarily MDM as much as it is trying to be so I presume that there is some detail in the MDM program that helps it get what it needs.


The shared cache you are seeing is at best guess, all of the info it has collected on you and will keep looping together. This is just a guess but I have been watching it on mine as well. I could 100 percent be wrong but I believe the cache is what keeps this process communicating between devices.


There are enough of us out there with this problem. I am sure that we have a common thread but I have no idea what it could be. I just know that no one is going to help me or my family and I am just going to have to do my best to keep my kids safe.


I could bring a new computer into this house and within ten minutes watch it try to harvest my old Apple IDs, while Bluetooth sniffing and try to connect to something nonstop. Eventually, it gets back in and the new ID becomes corrupt, I delete it and start again hoping the last Apple update resolved this issue. Two years later and I am headed back to the Apple Store today to pick up a couple of devices.


I wish someone had better news for the both of us but this is the best advice I can give you.


160 replies

Oct 18, 2023 12:12 AM in response to Shewolf1989

Hi folks,


I've spent this whole year to date researching this campaign since I first started noticing non-typical activity on my iPhone, MacBook Pro and Mac mini. I've been using Apple products since the 80's and am fortunate to have never had any issues until now.


First I must preface the rest of this post by saying that some of the behaviours you see are BigTech harvesting user data. This has always been the case and is written into user-agreements you accept upon activation. Add on top of that any app you install will also have its hand in documenting the activities you engage in on your computer, device or 'smart' connected tech as is written in their terms (linked on the page) you accept upon downloading and installing.


You only need to glance over the privacy notice within the app's information on the App Store to see the scope of what some apps collect. TikTok remains the top of the list closely followed by the big social media brands etc. There are also many apps still on the App Store who have not updated since Apple introduced mandatory display of the data the app intends to collect, so exactly what they are taking from you remains unknown to its users.


However, while BigTech data extraction is a typical event on tech, data is a trillion dollar business and has undoubtedly attracted the attention of bad actors who want a slice of the pie which is why there is a high prevalence of data mining exploits.


I'll reiterate a previous post that agrees, you are not imagining things. Whoever is behind the non-typical activity we are experiencing - likely has MDM-like control over your phone/computer.


You're seeing developer activity because developer mode is what the MDM-like behaviours are implemented through. This is occurring even though you all report there are no MDM certificates installed, the developer mode option isn't activated in settings, you are not enrolled in the beta or developer program and finally, you don't have TestFlight installed.


To date, Kaspersky are the only voice in the threat-hunting world who recently openly declared they no longer believe that Pegasus-style attacks are limited to only a small handful of people. They assert this because they invited comment from the general public regarding the 'Triangulation' attack and were flooded with emails with evidence of similar attacks on civilian devices.


Although much of the detailed information on these attacks is not public, what I have personally observed regarding the permissions attributed to various daemons and processes on iOS and macOS is attributed to the events many of you are seeing too. These are closely aligned to 'Triclops' (the only Pegasus-style surveillance documentation in the public arena) which appears to revolve around developer privileges. While I am not making any claims that what we are experiencing is linked to the groups carrying out attacks on high profile targets, I am asserting that there is a group behind this long-running campaign who have leveraged developer privileges for the purpose of data extraction. The vast amount of evidence strongly suggests the three goals are scams, advertising interference and intelligence gathering.


I'll leave it here as I wish to respect the Community Use Agreement, but take heart, the number of people noticing non-typical things on their tech is growing. I look forward to maybe one day escaping their clutches and reclaiming my tech, my accounts and just maybe, a little bit of the fun and awe tech used to provide.

Oct 31, 2023 1:53 PM in response to AgentDragonfly

I have some information that might be helpful. After years of looking for answers and getting none I discovered this sys diagnostic test.


https://support.umbrella.com/hc/en-us/articles/4406646902420-How-to-capture-a-sys-diagnose-from-an-iOS-device


I think you’ll be surprised with what it can reveal.


I am having the same problems and more…connected to cameras, speakers, amps, I could go on. Intelligence platforms are running in my analytics. Mobile Obliteration, Pegasus, shim remotes.

I tried to post some pictures here but it’s blocking me. I’ve been making all the same calls to tech supports. No real answers other than yes my device is being remotely accessed. I’ve had a dozen new phones since this began. Every one of them has the same problems. I have managed to do a couple resets but it was compromised again within an hour. I’m still looking for answers like you.

Do you know of any websites with specific information? I’ve googled many platforms listed in my analytics so I know who it is. Any suggestions for a way to get it confirmed?


Nov 3, 2023 3:12 PM in response to AgentDragonfly

One other method of their intrusion is changing your time zone / date and time to a far earlier date years before you even purchased the device. Installing malicious software then changing the time back to actual current time.


If any of you use iCloud Photos (which isn’t ideal) make sure you go through and check the time stamp / location metadata as I’ve noticed a few of mine were updated to a time and place that iCloud would not recognize thus not including it in the sync, so if you restart your device, you’ll lose those photos / videos.


Don’t use Google Photos because they’ll just corrupt your videos (evidence) making them incompatible and useless.


Oh, and don’t use external hard drives because those will become compromised too lol there’s literally no end. I’ve tried everything and I am not tech savvy what. So. Ever. To the point where I’ve just accepted it and live my life with them watching my every move. It is what it is. The level of intrusion is so sophisticated that it’s almost like it’s out of this world sophisticated. Who knows at this point.

Nov 3, 2023 3:22 PM in response to AgentDragonfly

Looks like my original post was deleted? Idk I’ve never actually posted anything on here before but good thing I saved it before I posted it…


After spending the last year or two google searching anything that seemed fishy in my analytics logs, I’ve finally, finally and finally! Stumbled upon the most solid and concrete description of what’s been happening to me over the past two years with my devices. What a breath of fresh freakin air. 


The process I searched for that brought this thread up was “AppleH13CamIn” found in an analytics log labeled “Stacks-2023-10-18.” 


It is 100% the MDM and what one reply here mentioned as the “Invisible Beta.” Though not so invisible now that I realized they were unable to hide the “Feedback” app in the “Per-app settings” found at the bottom of the accessibility setting. The “feedback” app is usually only available to devices registered to the beta iOS program.  100% using Xcode as their method of hacking. 


From what I gathered, there has to be some sort of hardware issue (either methodically or accidental) that is powering a BT process that keeps this intrusion alive. 


One thing I noticed too is, the Rokus on my network were being converted and used as a WiFi 4 protocol hotspot that was acting as a sort of evil twin router and fooling my device into connecting. I live at home and my mom still has an iPhone 6+ that hasn’t been updated since iOS 11? That she refuses to update so I’m practically SOL.


Someone asked about what the “trial rollout” is, well here you go:


stateDbVersion":3,"trialExperiments":"0","trialRollouts":"2","version":"2.4"}


activeTreatments":"100:210304_control,101:210415_control,102:210304_control,103:210304_control,105:210304_control,106:210304_control,107:210304_control,104:210304_control,108:210601_control,109:20419_control","


Count":3,"bug_type":"225","reason":"rejected-config"},"name":"LogRetirement","


Logs are consistently labeled as rejected. Someone mentioned Skywalker is an actual keylogger? I’m seeing Skywalker doorbell logs and an unidentified haptic device connected as a home accessory. I don’t even use Apple Home.


Logs also detail - HMDRemoveAccessoryPairingLogEvent


There are daily multiple “Hardware data resets” and initial unlocks “after boot” while charging. 


They must be utilizing some sort of stingray to mimic LTE connection. 


This is literally an intrusion from every direction. An intrusion that my neighbors are in on (phone was stolen off my driveway in a nice neighborhood at the end of a cul-de-sac not even 3 minutes after I left it there I see 3 individuals walking away from my house that I’ve never seen before and no phone in sight)



One thing that helped was creating a physical VPN. Modem - bridged router - switch - 2nd router.


I think they also get in through the power lines. What a freakin mess this world is. So sad really. 



[Edited by Moderator] 


Nov 8, 2023 10:10 PM in response to Park3rr

I posted to someone earlier. I 100% think it’s a Stingray or Dirtbox. I don’t even have the energy to go through everything they have destroyed. They have completely stolen my identity and have done things like set up accounts using my name and number. I’m being hacked, spoofed, phished and doxxed. I actually think my PC is the source of hacked passwords. Did you ever get anywhere with this?

Nov 9, 2023 5:35 PM in response to EllieDolanStl

I guess my last post was deleted. I feel like I have found “my people.” I’m compiling all my issues for everyone; FBI, FCC, FTC, local law enforcement. Sorry for all the posts but I feel so much better knowing that I am not alone. See earlier post for how many devices and carriers I have been through. I’m not entirely sure what exploit everyone is talking about but literally can’t function on any of my devices. I realize the implications of what is happening and how companies are going to try to cover this up but I feel obligated to go public. This is the craziest thing I have ever seen. I could definitely use some more explanations of what everyone thinks is going on (in plain English). My last post was asking about everyone’s location. I’m asking because I am almost 100% positive that a Stingray or Dirtbox is being used since I am also being spoofed, combined with the exploits that take over so quickly. I mean I’m spending all my time fighting this. It’s so unbelievable I keep thinking it’s a joke or test or something other than a stalker (which I definitely have). Can someone please reach out to me to explain what they think the exploit is in as plain language as you can. My PC I swear was being used as a mini server. I watched all these people log in and out one night. They used my name and number to set up fake accounts. Seriously, I can’t make a call, they pick up, I can’t send an email, they have the password to all of my accounts, I got through to the FCC but only because it was a form. I would like reality back. I want to know who I am talking to is who they say they are. I don’t want to have to guess if someone emailed me and it got deleted. Help!!!

Nov 17, 2023 6:48 AM in response to AgentDragonfly

Omg I’ve been going through this for 5 years there are so many of us with the exact problems, every phone laptop MacBook router cctv gaming console

multiple ids sims esims Carriers internet providers

I’m not sure if a combination of stingray and IoT or separate

but have now found IoT Core version os on my home version pc just to get the MDM privilege so looks like I’ll be searching for a clean device to DFU my 14 pro for a few days peace.


I’ve only replied to add a me too in hopes someone figures it out,

or at least 1 more to add backup for a support call to lose 2 hrs of your life you won’t get back

I’ve lost more than a day over the 5 years and the last 1 was to go to the police, who directed me to a cyber tech for concrete proof ($800/hr was the best quote I got)


Feb 26, 2024 1:57 PM in response to celliott147

Nothing. But on my Mac air I’ve run the commands (lmsk??? sfltool dumpbtm ps xawww | grep.. ?? I forget) and found MDM (force time and date etc) and there are install logs for random stuff, a little above my head, in the system info, so two cheers for Settings.app. It gets worse since I’ve tried to hire outside help because they always muddle things up with their own stuff instead of just looking into the machine. (I’m suspicious of them now sad:( since I have experienced so many DDOS attacks…)


Btw, what happens when you go to Activity Monitor and look for controlCenter>Wifi>network or whatever. Do you have 3, maybe 4 processes running like ControlCenter>WiFi, and (CC>WiFi) and ((WiFi)) and (((WiFi))) & ((((CC>network>wifi)))) etc ?

Mar 1, 2024 3:09 PM in response to katiebeth_19

Hi Katie,


It sounds like you're already on the right path with Bluetooth and your Apple ID. If you buy a new phone, don't use any of the old Apple IDs you have had, be careful of email and SMS attacks and most of all, make sure no settings can be changed while your phone is locked / unattended. And of course Wi-Fi too, if you haven't check out Apple developer programs, basically all they need is your Apple ID and device numbers and access to your phone when they have the password. You're in it for the long haul, but don't fret - you'll get there!


J.

Mar 23, 2024 11:28 AM in response to gravityfed

i've had same issue senior support hangs up on me been dealing with this for 5 years now had 5 brand new iphones quit working an ipad as well support sets up a call from senior advisor i explain issue and soon as i do they hang up on me currently out over 10,000 dollars in brand new personal iphones .hired a private investigator team and all information they have collected goes all the way back to a developer from apple hacking me and trying to blackmail me for 1500 dollars for some reason they tracked the call back to austin texas and next week they are flying there to confront the developer who did this wish me luck this is a major fraud and cyber theft issue and will hopefully end up throwing developer in prison and refunding all my money i've been ripped off for last 5 years but we will see next week just wish the developer would have come forward on their own and turned themselves in but we will see come next week have documented everything since day one 5 years ago

Mar 23, 2024 11:31 AM in response to T3ddy19

my emergency reset won't work says try again matter several times over last two weeks phone is sharing info on its own i change settings go to bed wake up phone changes back all by itself it's cyber theft on the highest level 5 iphones an ipad all quit working within 1/3 month us after purchase and apple senior support hangs up on me after i explain what's going on

Mar 25, 2024 9:02 AM in response to Funnyguy52

Funnyguy52 wrote:

i've had same issue senior support hangs up on me been dealing with this for 5 years now had 5 brand new iphones quit working an ipad as well support sets up a call from senior advisor i explain issue and soon as i do they hang up on me currently out over 10,000 dollars in brand new personal iphones .hired a private investigator team and all information they have collected goes all the way back to a developer from apple hacking me and trying to blackmail me for 1500 dollars for some reason they tracked the call back to austin texas and next week they are flying there to confront the developer who did this wish me luck this is a major fraud and cyber theft issue and will hopefully end up throwing developer in prison and refunding all my money i've been ripped off for last 5 years but we will see next week just wish the developer would have come forward on their own and turned themselves in but we will see come next week have documented everything since day one 5 years ago

There appears to be something wrong with your keyboard. The period key only seems to have worked once and there are no capitals at the beginning of sentences. This makes your post very hard to understand.
