My iPhone was accessed remotely

Over the last several months, a few seemingly minor incidents triggered me to increase my home network’s security and to start paying attention to the devices connected to my network. However, there has been a sudden increase in the frequency and severity of events which has led me to investigate the situation more thoroughly. After many hours of research, I am confident that (at the very least) both my laptop and my iPhone have been accessed remotely. For how long, I’m not sure (but if my crazy, narcissistic ex who has a history of spying on me has anything to do with it, probably a long time).


I completely reset all my devices when I first became aware of the remote access to my laptop, which I only just discovered during the last week. Unfortunately, they managed to gain access again so this time, I completely wiped the hard drive on my laptop and re-installed Windows from a recovery drive, and as for my iPhone, I did a complete factory reset, created a brand new Apple ID during set up, and because I believe access was obtained by hacking my network, I did not connect to any wi-fi or Bluetooth device and have only downloaded a VPN, virus protection and private browser. I’m hoping that someone on here could review my Analytics Data since the reset and tell me if anything still looks suspicious or if all looks good now.

Posted on Apr 30, 2023 7:32 AM

Question marked as Top-ranking reply

Posted on Apr 30, 2023 7:44 AM

Trying to interpret Apple diagnostics isn't meant for us mere mortals. Unless you have jailbroken your iPhone, the chances of your phone being accessed remotely are most unlikely. If you have jailbroken your phone, anything is possible and that would be on you, and there is no one here who could possibly help you with issues which happen on jailbroken phones.


Otherwise, trying to read diagnostics, which only Apple can do, is an act of futility.


The only other way someone could remotely access your iPhone is if you handed your phone to them and they installed Remote Management Software on the Phone. Go to Settings > VPN & Device Management > If there is a profile there, remove it.


Change your Apple ID Password too, if you are concerned.


28 replies

Sep 20, 2023 9:20 AM in response to Community User

Re: JetsamEvent-2023-06-25-224214


This is probably the first indication all is not well.

"csTrustLevel" : 0,


Secondly, these are a few of the other indicators:

"ManagementTestSubscriber"
"betaenrollmentd"
"com.apple.SiriTTSService.TrialPr"
"ManagedSettingsAgent"
"InteractiveLegacyProfilesSubscri"
"LegacyProfilesSubscriber"


Check other logs for a Beta Identifier UUID; if one is not knowingly enrolled in the Apple beta program and does not have the TestFlight app installed, that'll confirm an active Stealth Developer is controlling the device.


Take a screenshot if there is a Beta Identifier UUID and visit the Apple Store and ask them why it is there when their website clearly states it is only present when you’ve enrolled and have the TF app installed.


Jun 8, 2023 5:40 PM in response to riaricks

I'm sorry to hear about the issues you've been experiencing with your devices. It's always concerning when you believe your privacy has been compromised, especially when it involves personal devices that contain a lot of sensitive information.


I've reviewed the analytics data you've provided and here's what I found:


  1. CommCenterNVMSync: This is related to the communication center of your device syncing with the network. The logs show that these syncs were successful and there was something to sync, which is normal behavior.
  2. CommCenterLTESwitch and CommCenterNrSwitch: These logs indicate switches in your network communication, possibly between different types of networks (like LTE and Nr). This is also normal behavior, especially if you're moving around or if your device is automatically switching to the best available network.
  3. CommCenterBasebandFilePush: This log shows that some files were pushed to your device's baseband, which is the part of your phone that handles communication with the cell network. The reason given is "kBundleChange", which suggests that this was due to some sort of update or change in the network settings.
  4. CommCenterEntitlementRequest and CommCenterEntitlementResponse: These logs are related to your device requesting and receiving entitlements, which are permissions or capabilities granted by your carrier. The logs show various types of entitlement requests and responses, including some with status 6000 (which typically means success) and entitlement status 6100 (which is also typically a success status).


From the data you've provided, I don't see anything that stands out as suspicious. The logs seem to be related to normal network operations and communication between your device and your carrier's network.


However, it's important to note that this is a basic analysis and may not catch more subtle signs of intrusion. If you're still concerned, I would recommend the following steps:


  1. Consult with a cybersecurity professional: They can provide a more thorough analysis and give you personalized advice based on your situation.
  2. Change all passwords: This includes your Apple ID, email accounts, social media, and any other accounts you access from your devices.
  3. Enable two-factor authentication: This adds an extra layer of security to your accounts.
  4. Be cautious with emails and messages: Be wary of any unexpected or suspicious emails or messages, as these can be attempts to gain access to your accounts.
  5. Keep your devices updated: Regularly update your devices to ensure you have the latest security patches.


Remember, security is a continuous process and it's important to stay vigilant. I hope this information helps, and I wish you the best of luck in resolving this issue.


Best,


nexusnode

Jun 26, 2023 8:21 AM in response to gravityfed

gravityfed wrote:

Hello false alarm, not true actually, the ability exists to send a message through iMessage even if it’s not enabled.
As for millions of dollars, that is also not true.


Look up the current exploit offers. Offers for the sorts of exploits that people discuss in these threads are up to two million US dollars (iOS full-chain with persistence, zero click). Apple too offers bounties. If you’re worth that much to your adversaries, you will want to seek security advice and seek device forensics tailored to your particular situation. That’s not likely going to be available via forum postings.


For those here with issues ongoing for six months or more, or for years, those situations will not be addressed around here. There won’t be any new or different suggestions offered around here; things that haven’t already been encountered, been experienced, or been suggested and then locally implemented or rejected as appropriate.


If the local network configuration or local computer configuration is problematic, there will be stability and connectivity issues independent of any purported security issues. I’ve worked with a few folks that were making changes themselves and then forgot those changes, and they thought they were hacked. And I’m aware of folks that were targeted with some very expensive exploits.


Searching telemetry logs for evidence of exploitation is looking for needles in ever-increasing numbers of haystacks, and without knowing if there are any needles in any of the haystacks, nor what the needles even look like.

May 19, 2023 8:53 PM in response to riaricks


commCenter is a system service responsible for managing various aspects of cellular communication, including cellular data, voice calls, and text messages. It handles network selection, signal strength monitoring, call setup, and data transfer tasks. It's a normal process of iOS; however, it can be maliciously edited if security measures have been circumvented, so you are right to investigate it, as I am doing the same with my iPhone.


If you've done a complete reinstall, your recovery partition or the firmware may have been compromised, so reinstalls are a waste of time. Even if you buy another phone, the same will likely happen again. I've used different accounts on new devices, and the same happens before long, though lockdown mode helps somewhat.


A new update is available, but within a few minutes of installing it, an AppStore app acting in kernel mode caused a disk write crash, a tactic to gain escalated privileges, bypass security measures, or execute malicious actions, so the merry-go-round continues.

Jun 25, 2023 8:28 PM in response to Community User

With the ISP router set to bridged mode and with no other router configured to process NAT and DHCP and related services, your network configuration is incorrect. That will have repercussions throughout all connected devices. Instability, crashes, weird errors, a flaky or invalid network configuration will cause endemic issues.


Log files and telemetry are filled with ominous-worded and cryptic and utterly benign messages, and are best left to Apple, and to app developers for their own app-specific log entries.

Apr 21, 2024 7:22 PM in response to briar132

Me as well, spent thousands on their products as they tell me I'm crazy. Send logs to Citizen Lab in Toronto. Some truths I was educated on I wish I was not told. I'll say one thing: Apple hates letting RAM sit unused. Let your mind wander from there. Print logs immediately and send on a different device. I've had saved logs greyed out and changed within hours. Microsoft is no different. Set a trap with a separate device using an unknown data source and Kali. Control the beginning and end of your own server traffic and you will catch the man in the middle eating apple pie!!

May 28, 2023 7:39 PM in response to fern138

I am 100% confident no one is remotely accessing your phone. What you are describing would require multiple zero-day vulnerabilities which are hoarded and used in state-sponsored attacks. These are worth millions of dollars each.


Modern iPhones are very locked down. It is simply unrealistic that someone is remotely hacking your phone unless you are a high-value target.

Apr 30, 2023 7:37 AM in response to riaricks

timestamp: 1682852473511
isAnonymous: true
deviceConfigId: 7422
investigationId: 0
model: "iPhone13,2"
softwareBuild: "20E252"
firmwareVersion: "iBoot-8422.100.650"
basebandVersion: "3.55.02"
buildtype: "User"
tz_offset: -25200
metric_file_type: 1
metriclogs {
  triggerTime: 1682852468495
  triggerId: 7143424
  profileId: 394
  multitouchBootEvents {
    timestamp: 1682852459661
    version: 1363
  }
}
metriclogs {
  triggerTime: 1682852468495
  triggerId: 7143425
  profileId: 395
  multitouchHardwareStatus {
    timestamp: 1682852459665
  }
}
metriclogs {
  triggerTime: 1682812800000
  triggerId: 827739
  profileId: 142
  cellularUim5gSuciProtectionScheme {
    timestamp: 1682812800000
    sim_type: SIM_TYPE_PSIM
    suci_conceal_scheme: SUCI_CONCEAL_SCHEME_PROFILE_A_ECIES
    suci_conceal_type: SUCI_CONCEAL_USIM
    hplmn: [3 bytes] 03 02 16
    pri_enables_nr5g_sa: 0
    pri_enables_non_null_suci_requirement_for_nr5g_sa_enablement: 1
  }
}
metriclogs {
  triggerTime: 1682812800000
  triggerId: 524449
  profileId: 211
  commCenterSimTrayEvent {
    timestamp: 1682812800000
    inserted: true
    has_sim: true
  }
}
metriclogs {
  triggerTime: 1682812800000
  triggerId: 524503
  profileId: 163
  commCenterCarrierBundle {
    timestamp: 1682812800000
    bundle {
      bundle_type: 1
      matching_bundle_name: "302610"
      resolved_bundle_name: "Bell_ca.bundle"
      carrier_plist_name: "device+carrier+302610+D53g+54.0.1.plist"
      bundle_version: "54.0.1"
      is_embedded: true
      imsi_prefix: "3026100"
      subs_id: 0
    }
  }
}
metriclogs {
  triggerTime: 1682812800000
  triggerId: 524449
  profileId: 211
  commCenterSimTrayEvent {
    timestamp: 1682812800000
    inserted: true
    has_sim: true
  }
}
metriclogs {
  triggerTime: 1682812800000
  triggerId: 827739
  profileId: 142
  cellularUim5gSuciProtectionScheme {
    timestamp: 1682812800000
    sim_type: SIM_TYPE_PSIM
    suci_conceal_scheme: SUCI_CONCEAL_SCHEME_PROFILE_A_ECIES
    suci_conceal_type: SUCI_CONCEAL_USIM
    hplmn: [3 bytes] 03 02 16
    pri_enables_nr5g_sa: 0
    pri_enables_non_null_suci_requirement_for_nr5g_sa_enablement: 1
  }
}
metriclogs {
  triggerTime: 1682848800000
  triggerId: 2686989
  profileId: 426
}
metriclogs {
  triggerTime: 1682848800000
  triggerId: 2686987
  profileId: 428
}
metriclogs {
  triggerTime: 1682848800000
  triggerId: 3473412
  profileId: 411
  cFNetworkTaskMetrics {
    timestamp: 1682848800000
    activityUUID: "8AA142E7-A649-439C-B522-785DB9E0539C"
    didCompleteWithError: 3538
    numberOfRetries: 0
    numberOfRedirects: 0
    error: -999
    underlyingError: 0
    underlyingErrorDomain: 0
    taskType: DATA_TASK
    isBackground: false
    transactionMetrics {
      networkProtocolName: HTTP_1_1
      networkLoadType: NSURLSessionTaskMetricsResourceFetchTypeNetworkLoad
      reusedConnection: false
      isRedirected: false
      requestStart: 209
      requestEnd: 209
      responseStart: 291
      responseEnd: 0
      totalBytesWritten: 516
      totalBytesRead: 2488975
      connectionUUID: "E4700B0B-42D8-4FBC-9239-3CCD43003FEB"
      apsRelayAttempted: false
      apsRelaySucceeded: false
      http3Status: NOT_ENABLED
    }
    schedulingTier: USER_INITIATED
  }
}
metriclogs {
  triggerTime: 1682848800000
  triggerId: 2686990
  profileId: 427
}
metriclogs {
  triggerTime: 1682848800000
  triggerId: 3473412
  profileId: 411
  cFNetworkTaskMetrics {
    timestamp: 1682848800000
    activityUUID: "8AA142E7-A649-439C-B522-785DB9E0539C"
    didCompleteWithError: 3538
    numberOfRetries: 0
    numberOfRedirects: 0
    error: -999
    underlyingError: 0
    underlyingErrorDomain: 0
    taskType: DATA_TASK
    isBackground: true
    transactionMetrics {
      networkProtocolName: HTTP_1_1
      networkLoadType: NSURLSessionTaskMetricsResourceFetchTypeNetworkLoad
      reusedConnection: false
      isRedirected: false
      requestStart: 209
      requestEnd: 209
      responseStart: 291
      responseEnd: 0
      totalBytesWritten: 516
      totalBytesRead: 2488975
      connectionUUID: "E4700B0B-42D8-4FBC-9239-3CCD43003FEB"
      apsRelayAttempted: false
      apsRelaySucceeded: false
      http3Status: NOT_ENABLED
    }
    schedulingTier: USER_INITIATED
  }
}
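One way to triage a dump like the one above structurally rather than by eye, as an added Python example that is not from this thread or from Apple: it parses the key/value and brace layout, counts entries, flags repeated entries (same triggerId, profileId and payload kind, as the SIM-tray and network-task entries above are), and lists network tasks that ended in an error. The sample input is constructed in the same layout with shortened values.

```python
from collections import Counter

# Constructed sample (shortened) in the "key: value" / "name { }" layout of the dump above.
SAMPLE = """\
metriclogs {
triggerId: 524449
profileId: 211
commCenterSimTrayEvent {
}
}
metriclogs {
triggerId: 524449
profileId: 211
commCenterSimTrayEvent {
}
}
metriclogs {
triggerId: 3473412
profileId: 411
cFNetworkTaskMetrics {
error: -999
isBackground: false
}
}
"""

def parse(it):
    """Build a nested dict from a line iterator; repeated sub-blocks become lists."""
    node = {}
    for line in it:
        line = line.strip()
        if line == "}":
            break
        if line.endswith("{"):
            node.setdefault(line[:-1].strip(), []).append(parse(it))
        elif line:
            key, _, value = line.partition(":")
            node[key.strip()] = value.strip().strip('"')
    return node

def summarize(text):
    """Count entries, repeated (triggerId, profileId, kind) entries and failed network tasks."""
    seen, failed = Counter(), []
    for entry in parse(iter(text.splitlines())).get("metriclogs", []):
        kind = next((k for k, v in entry.items() if isinstance(v, list)), "<none>")
        seen[(entry.get("triggerId"), entry.get("profileId"), kind)] += 1
        for task in entry.get("cFNetworkTaskMetrics", []):
            if task.get("error", "0") != "0":  # -999 is NSURLErrorCancelled
                failed.append((int(task["error"]), task.get("isBackground")))
    return {"entries": sum(seen.values()), "duplicates": sum(c - 1 for c in seen.values()),
            "failed_tasks": failed}
```

Run on the full dump above, the same function reports the repeated SIM-tray and network-task entries and the two cancelled (-999) tasks; a cancelled request is the app giving up, not evidence of intrusion.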

Jun 8, 2023 5:24 PM in response to fern138

Same here. Been thru it all so many times at Apple's useless, patronizing, and frustratingly time-wasteful advice. Causing me to repurchase almost everything multiple times w each new Apple ID &/or device. I’m on my 7th iPhone in 2 years. iPad Pro seems to be discreetly managed and saw network alerts it's up to no good from a wifi router. Why does Apple’s snobbery have to include blatant ignorance of actual, factual goings-on?!

Jun 25, 2023 5:29 PM in response to MrHoffman

Hi @MrHoffman.


I have been facing serious security issues for the last 30 days on all our family's devices. Not like being paranoid, but my two MacBook Pros were compromised to the point of having impossible-to-remove partitions that they are booting from, so I can't even achieve a new system install from the Apple server or bootable units. My iPhone is having a similar issue; even after a factory reset to iOS 16.5.1 about 24 hrs ago, it doesn't stop behaving weird, like options turned on and off, a just-created iCloud email not working even with the right Apple ID logged in, and all logs I collected from Terminal on the laptops and my iPhone have the same path architecture, names, etc. If you could check the log attached, I would be eternally grateful.


This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.