My iPhone was accessed remotely

Over the last several months, a few seemingly minor incidents triggered me to increase my home network’s security and to start paying attention to the devices connected to my network. However, there has been a sudden increase in the frequency and severity of events which has led me to investigate the situation more thoroughly. After many hours of research, I am confident that (at the very least) both my laptop and my iPhone have been accessed remotely. For how long, I’m not sure (but if my crazy, narcissistic ex who has a history of spying on me has anything to do with it, probably a long time).


I completely reset all my devices when I first became aware of the remote access to my laptop, which I only just discovered during the last week. Unfortunately, they managed to gain access again so this time, I completely wiped the hard drive on my laptop and re-installed Windows from a recovery drive, and as for my iPhone, I did a complete factory reset, created a brand new Apple ID during set up, and because I believe access was obtained by hacking my network, I did not connect to any wi-fi or Bluetooth device and have only downloaded a VPN, virus protection and private browser. I’m hoping that someone on here could review my Analytics Data since the reset and tell me if anything still looks suspicious or if all looks good now.

Posted on Apr 30, 2023 7:32 AM

Question marked as Best reply

Posted on May 25, 2023 2:13 AM

Gravityfed, you described exactly what has been happening to me. No matter what I do - new phone, new Apple ID, new email. Nothing has worked. Any advice would be greatly appreciated.


28 replies

May 19, 2023 8:53 PM in response to riaricks


commCenter is a system service responsible for managing various aspects of cellular communication, including cellular data, voice calls, and text messages. It handles network selection, signal strength monitoring, call setup, and data transfer tasks. It's a normal process of iOS; however, it can be maliciously edited if security measures have been circumvented, so you are right to investigate it, as I am doing the same with my iPhone.


If you've done a complete reinstall, your recovery partition or the firmware may have been compromised, so reinstalls are a waste of time. Even if you buy another phone, the same will likely happen again. I've used different accounts on new devices, and the same happens before long, though lockdown mode helps somewhat.


A new update is available, but within a few minutes of installing it, an AppStore app acting in kernel mode caused a disk write crash, a tactic to gain escalated privileges, bypass security measures, or execute malicious actions, so the merry-go-round continues.

Nov 18, 2023 4:37 PM in response to lobsterghost1

It's NOT always on the person if their phone was jailbroken.


If a phone was jailbroken behind your back by someone like a disgruntled abusive ex, who had already been sneaking into your computer and phone and cloud for years before the breakup, and then they gave access to all that info to whoever they wanted, including any rando online, basically doxxing, where would you begin to correct it and the resulting tech/device problems? When you can't afford to buy a 3rd new phone. When you realize this happened for years after you left the ex and never knew someone was piggybacking on your cloud/device until people got bored and blew it all up.


Even when factory resetting multiple times and making multiple new Apple IDs with a "from scratch" setup (no restore from backup, completely fresh ID and no cloud enabled etc) yet it still doesn't work.


When one has pretty much deleted their entire online presence with the exception of major necessities like bill-payments and grocery orders and health stuff like telehealth. No social media, one real email with one backup email and a few decoys just in case.


Harassment can't be proven when it's all centered around private personal info being sent to people like family and friends and neighbors and employers and landlords. When people are angry and believe you openly shared their private info but you didn't share their personal info with anyone except maybe in therapy, which has been via telehealth since lockdown on devices that were accessible to your ex before you split.


The only proof is the suddenly hostile/weird attitudes of everyone around you, people who suddenly start to talk about deeply private info they shouldn't know, and it can barely even be reported to IC3 or the cops except to say your prior emails were all hacked and all the contents emptied.


That your iCloud was accessed and completely deleted and in the old data's place were crazy photos to corroborate all the racist social media posts that were made while you thought your account was deactivated or when you were sleeping.


When your cloud had been set to sync WhatsApp and notes you made for therapy and which you thought were set to only save to your phone and then those notes got accessed, copied, and edited to say even more crazy stuff so when you first realized what was going on and reformatted and redownloaded the compromised cloud, all that ended up on your phone were insane photos and crazily edited notes while the original photos and notes and everything else is just gone.


What would you suggest then? Except trying to read logs and trying to become a programmer/hacker/apple device expert. While also trying to chase down any proof that your new device and ID are still screwed up and no matter how many new emails and IDs and WiFi passwords and docsis routers you buy, someone is still tracking you and sending damaging lies about you to anyone new you might meet and messing with your ability to even find a lawyer or tech expert to help sort it all out. When every web page you visit is broken or full of garbage. When your eSIM deletes itself on a regular basis and sometimes becomes a business line and sometimes duplicates itself in the second eSIM slot and sometimes disappears for over a month and you have to get a tracfone and have to change everything to paper mail and these days less and less places are even offering paper mail and if you're disabled social security won't let you use paper mail for your payment for more than 3 months before they cut you off for not setting up direct deposit.

Jun 25, 2023 8:28 PM in response to Community User

With the ISP router set to bridged mode and with no other router configured to process NAT and DHCP and related services, your network configuration is incorrect. That will have repercussions throughout all connected devices. Instability, crashes, weird errors, a flaky or invalid network configuration will cause endemic issues.


Log files and telemetry are filled with ominous-worded and cryptic and utterly benign messages, and are best left to Apple, and to app developers for their own app-specific log entries.

Jun 25, 2023 5:29 PM in response to MrHoffman

Hi @MrHoffman.


I have been facing serious security issues for the last 30 days in all our family's devices. Not like being paranoid, but my two MacBook Pros were compromised to the point of having impossible to remove partitions where they are booting from, so I can't even achieve a new system install from the Apple server or bootable units. My iPhone is having a similar issue, not even after factory reset to iOS 16.5.1 about 24 hrs ago, it doesn't stop behaving weird, like options turned on and off, a just created iCloud email not working, even with the right Apple ID logged, and all logs I collected from terminal on the laptops and my iPhone, have the same path architecture, names, etc. If you could check the log attached, I would be eternally grateful.


Jun 25, 2023 9:08 PM in response to MrHoffman

Got your point, but I think I found a really good description of my problem on this other post of people experiencing exactly what I am suffering. Please check when you can. Thanks so much for your valuable tips and taking the time to guide me through this.

cheers!

link: MDM

Jun 26, 2023 8:21 AM in response to gravityfed

gravityfed wrote:

Hello false alarm, not true actually, the ability exists to send a message through iMessage even if it’s not enabled.
As for millions dollars that is also not true.


Look up the current exploit offers. Offers for the sorts of exploits that people discuss in these threads are up to two million US dollars (iOS full-chain with persistence, zero click). Apple too offers bounties. If you’re worth that much to your adversaries, you will want to seek security advice and seek device forensics tailored to your particular situation. That’s not likely going to be available via forum postings.


For those here with issues ongoing for six months or more, or for years, those situations will not be addressed around here. There won’t be any new or different suggestions offered around here; things that haven’t already been encountered, been experienced, or been suggested and then locally implemented or rejected as appropriate.


If the local network configuration or local computer configuration is problematic, there will be stability and connectivity issues independent of any purported security issues. I’ve worked with a few folks that were making changes themselves and then forgot those changes, and they thought they were hacked. And I’m aware of folks that were targeted with some very expensive exploits.


Searching telemetry logs for evidence of exploitation is looking for needles in ever-increasing numbers of haystacks, and without knowing if there are any needles in any of the haystacks, nor what the needles even look like.

Jun 8, 2023 5:40 PM in response to riaricks

I'm sorry to hear about the issues you've been experiencing with your devices. It's always concerning when you believe your privacy has been compromised, especially when it involves personal devices that contain a lot of sensitive information.


I've reviewed the analytics data you've provided and here's what I found:


  1. CommCenterNVMSync: This is related to the communication center of your device syncing with the network. The logs show that these syncs were successful and there was something to sync, which is normal behavior.
  2. CommCenterLTESwitch and CommCenterNrSwitch: These logs indicate switches in your network communication, possibly between different types of networks (like LTE and Nr). This is also normal behavior, especially if you're moving around or if your device is automatically switching to the best available network.
  3. CommCenterBasebandFilePush: This log shows that some files were pushed to your device's baseband, which is the part of your phone that handles communication with the cell network. The reason given is "kBundleChange", which suggests that this was due to some sort of update or change in the network settings.
  4. CommCenterEntitlementRequest and CommCenterEntitlementResponse: These logs are related to your device requesting and receiving entitlements, which are permissions or capabilities granted by your carrier. The logs show various types of entitlement requests and responses, including some with status 6000 (which typically means success) and entitlement status 6100 (which is also typically a success status).


From the data you've provided, I don't see anything that stands out as suspicious. The logs seem to be related to normal network operations and communication between your device and your carrier's network.


However, it's important to note that this is a basic analysis and may not catch more subtle signs of intrusion. If you're still concerned, I would recommend the following steps:


  1. Consult with a cybersecurity professional: They can provide a more thorough analysis and give you personalized advice based on your situation.
  2. Change all passwords: This includes your Apple ID, email accounts, social media, and any other accounts you access from your devices.
  3. Enable two-factor authentication: This adds an extra layer of security to your accounts.
  4. Be cautious with emails and messages: Be wary of any unexpected or suspicious emails or messages, as these can be attempts to gain access to your accounts.
  5. Keep your devices updated: Regularly update your devices to ensure you have the latest security patches.


Remember, security is a continuous process and it's important to stay vigilant. I hope this information helps, and I wish you the best of luck in resolving this issue.


Best,


nexusnode

May 28, 2023 7:39 PM in response to fern138

I am 100% confident no one is remotely accessing your phone. What you are describing would require multiple zero-day vulnerabilities which are hoarded and used in state-sponsored attacks. These are worth millions of dollars each.


Modern iPhones are very locked down. It is simply unrealistic that someone is remotely hacking your phone unless you are a high-value target.

Jun 25, 2023 6:06 PM in response to Community User

Why do you have your router in bridged mode, and what other local device has taken over the routing responsibilities here?


And… why?


The usual reason to switch an ISP router box into its bridged mode is so that a second firewall/gateway/router/NAT device can be installed by the local network administrator between the ISP box and the local network.

Apr 30, 2023 7:44 AM in response to riaricks

Trying to interpret Apple diagnostics isn't meant for us mere mortals. Unless you have jailbroken your iPhone, the chances of your phone being accessed remotely are most unlikely. If you have jailbroken your phone, anything is possible and that would be on you and there is no one here who could possibly help you with issues which happen on jailbroken phones.


Otherwise, trying to read diagnostics, which only Apple can do, is an act of futility.


The only other way someone could remotely access your iPhone is if you handed your phone to them and they installed Remote Management Software on the Phone. Go to Settings > VPN & Device Management > If there is a profile there, remove it.


Change your Apple ID Password too, if you are concerned.

Jun 25, 2023 5:50 PM in response to MrHoffman

That's the weird thing. My phone is not even close (or shouldn't) to connect to the router, as it's in bridge mode and the phone is using cellular data. One of my laptops (an old 2012) I even disconnected Bluetooth and Wi-Fi antennas, I removed the SSD, then connected an external DVD reader to boot the original old OS, and even so, the partitions are there, even with a new RAM memory. My guess is these codes may have been installed on the firmware? My iPhone's options keep turning on and off, and honestly, I'm about to collapse, especially after supposedly being fixed at the service shop... there are some "exceptions" installed on my laptops' proxies, ahhhhh, I'm going crazy. Is it possible for a remote intruder to gain control by connecting to my MAC addresses, or installing stuff relating my devices to a parallel Apple ID I don't have access to? Maybe with Xcode or something? Because I got tons of codes related to Swift on my laptops.
