My iPhone was accessed remotely

Over the last several months, a few seemingly minor incidents triggered me to increase my home network’s security and to start paying attention to the devices connected to my network. However, there has been a sudden increase in the frequency and severity of events which has led me to investigate the situation more thoroughly. After many hours of research, I am confident that (at the very least) both my laptop and my iPhone have been accessed remotely. For how long, I’m not sure (but if my crazy, narcissistic ex who has a history of spying on me has anything to do with it, probably a long time).


I completely reset all my devices when I first became aware of the remote access to my laptop, which I only just discovered during the last week. Unfortunately, they managed to gain access again so this time, I completely wiped the hard drive on my laptop and re-installed Windows from a recovery drive, and as for my iPhone, I did a complete factory reset, created a brand new Apple ID during set up, and because I believe access was obtained by hacking my network, I did not connect to any wi-fi or Bluetooth device and have only downloaded a VPN, virus protection and private browser. I’m hoping that someone on here could review my Analytics Data since the reset and tell me if anything still looks suspicious or if all looks good now.

Posted on Apr 30, 2023 7:32 AM


25 replies

Jun 25, 2023 8:28 PM in response to Community User

With the ISP router set to bridged mode and with no other router configured to process NAT and DHCP and related services, your network configuration is incorrect. That will have repercussions throughout all connected devices. Instability, crashes, weird errors, a flaky or invalid network configuration will cause endemic issues.


Log files and telemetry are filled with ominous-worded and cryptic and utterly benign messages, and are best left to Apple, and to app developers for their own app-specific log entries.

Jun 25, 2023 9:08 PM in response to MrHoffman

Got your point, but I think I found a really good description of my problem on this other post of people experiencing exactly what I am suffering. Please check when you can. Thanks so much for your valuable tips and taking the time to guide me through this.

cheers!

link: MDM

Jun 26, 2023 8:21 AM in response to gravityfed

gravityfed wrote:

Hello false alarm, not true actually, the ability exists to send a message through iMessage even if it’s not enabled.
As for millions of dollars, that is also not true.


Look up the current exploit offers. Offers for the sorts of exploits that people discuss in these threads are up to two million US dollars (iOS full-chain with persistence, zero click). Apple too offers bounties. If you’re worth that much to your adversaries, you will want to seek security advice and seek device forensics tailored to your particular situation. That’s not likely going to be available via forum postings.


For those here with issues ongoing for six months or more, or for years, those situations will not be addressed around here. There won’t be any new or different suggestions offered around here; things that haven’t already been encountered, been experienced, or been suggested and then locally implemented or rejected as appropriate.


If the local network configuration or local computer configuration is problematic, there will be stability and connectivity issues independent of any purported security issues. I’ve worked with a few folks that were making changes themselves and then forgot those changes, and they thought they were hacked. And I’m aware of folks that were targeted with some very expensive exploits.


Searching telemetry logs for evidence of exploitation is looking for needles in ever-increasing numbers of haystacks, and without knowing if there are any needles in any of the haystacks, nor what the needles even look like.

Sep 7, 2023 7:14 PM in response to riaricks

I have to STRONGLY suggest that you Apple brain-folks are without a doubt geniuses, but sometimes the tone and "100% guarantees" that nothing malicious is EVER done in the bowels of these machines is not enough for me to feel comfortable with your blunt and sometimes lofty comments. These folks (myself included) are just concerned and want to understand that they are safe. Please have a little patience and compassion before shutting down their requests for help. It's unprofessional and unnecessary. That being said, thank you for those of you that do ease concerns by explaining things to us less educated in this area. We appreciate your feedback and time. Thank you 🙏🏼

Sep 20, 2023 9:20 AM in response to Community User

Re: JetsamEvent-2023-06-25-224214


This is probably the first indication all is not well.

"csTrustLevel" : 0,


Secondly, these are a few of the other indicators:

"ManagementTestSubscriber"
"betaenrollmentd"
"com.apple.SiriTTSService.TrialPr"
"ManagedSettingsAgent"
"InteractiveLegacyProfilesSubscri"
"LegacyProfilesSubscriber"


Check other logs for a Beta Identifier UUID and if one is not knowingly enrolled in the Apple beta program and have the TestFlight App installed that'll confirm an active Stealth Developer is controlling the device.


Take a screenshot of a Beta Identifier UUID and visit the Apple Store and ask them why it is there when their website clearly states it is only present when you’ve enrolled and have the TF app installed.

