My iPhone was accessed remotely

Over the last several months, a few seemingly minor incidents triggered me to increase my home network’s security and to start paying attention to the devices connected to my network. However, there has been a sudden increase in the frequency and severity of events which has led me to investigate the situation more thoroughly. After many hours of research, I am confident that (at the very least) both my laptop and my iPhone have been accessed remotely. For how long, I’m not sure (but if my crazy, narcissistic ex who has a history of spying on me has anything to do with it, probably a long time).


I completely reset all my devices when I first became aware of the remote access to my laptop, which I only just discovered during the last week. Unfortunately, they managed to gain access again so this time, I completely wiped the hard drive on my laptop and re-installed Windows from a recovery drive, and as for my iPhone, I did a complete factory reset, created a brand new Apple ID during setup, and because I believe access was obtained by hacking my network, I did not connect to any Wi-Fi or Bluetooth device and have only downloaded a VPN, virus protection and private browser. I’m hoping that someone on here could review my Analytics Data since the reset and tell me if anything still looks suspicious or if all looks good now.

Posted on Apr 30, 2023 7:32 AM

Posted on May 25, 2023 2:13 AM

Gravityfed, you described exactly what has been happening to me. No matter what I do - new phone, new Apple ID, new email. Nothing has worked. Any advice would be greatly appreciated.

28 replies

Apr 21, 2024 7:22 PM in response to briar132

Me as well, spent thousands on their products as they tell me I'm crazy. Send logs to Citizen Lab in Toronto. Some truths I was educated on I wish I was not told. I'll say one thing: Apple hates letting RAM sit unused. Let your mind wander from there. Print logs immediately and send on a different device. I've had saved logs greyed out and changed within hours. Microsoft is no different. Set a trap with a separate device using an unknown data source and Kali. Control the beginning and end of your own server traffic and you will catch man in the middle eating apple pie!!

Apr 27, 2024 11:00 PM in response to riaricks

Because if they have installed MDM management then it's on a hardware level. Whatever you do, you can't fix it. Most likely all devices in the house will be connected. You would have to get everything, including TV and things with Bluetooth or Wi-Fi smart home, bought again. But with that amount of knowledge of your whereabouts they can easily break in, change light bulbs/chargers or leave a device near to be able to find your phone again. Also your phone will have a geofence which is able to talk to any device near it and know all of its details: network/SIM state etc. Plus NFC. If they clone a base station, even worse: everything you do on 4G/3G goes to their base station first; any device near you that you try to use will ultimately go to the criminal.

Device management won't show on iPhone settings. You need to log into your iCloud work/school account even if you don't have one and it will say the account already exists. Don't listen to people and Apple saying the settings device management shows it, because it doesn't. They have a remote settings agent I found on the kernel. If you have been through what I have the past 3 years, there is no escaping it. Lost my business, my properties, my life basically. And I have tried everything you can imagine to escape it, even moving states.

Jan 18, 2024 10:31 AM in response to riaricks

I would like to comment generally on this topic. Being a victim of intimidation, harassment, phishing, gaslighting is extremely destructive mentally, and should you intervene in the assistance process, you should be extremely supportive and avoid just proving them wrong.

An important point that needs to be mentioned is that people are getting hacked, not devices. You should apply the same vigilance we use in life when we are online.

Apple is probably one of, or the, company that will fight for everyone’s right to privacy.

Apple put an astronomical amount of effort into the development of means of security.

Please take the time to educate yourself about all the different levels of security they are capable of providing.


Here is a link that will certainly help you understand, and show you how to proceed with your research on a potential security breach within your device.


Apple security releases - Apple Support


Apr 30, 2023 7:37 AM in response to riaricks


Jun 8, 2023 5:24 PM in response to fern138

Same here. Been through it all so many times with Apple's useless, patronizing, and frustratingly time-wasting advice. Causing me to repurchase almost everything multiple times with each new Apple ID and/or device. I’m on my 7th iPhone in 2 years. iPad Pro seems to be discreetly managed and I saw network alerts that it's up to no good from a Wi-Fi router. Why does Apple’s snobbery have to include blatant ignorance of actual, factual goings-on?!

Jun 25, 2023 7:36 PM in response to MrHoffman

because as most of the weird behavior was related to Wi-Fi connections. So, I sent my devices to supposedly "clean" up (disks, reinstalling system, etc.) and then use them over Ethernet, with the exception of my iPhone which only runs with its cellular data. I changed my ISP to a new one, new modem, new everything, but as I mentioned before, these partitions were still there so everything started again. I was planning to get a Cisco but the seller said I should first make sure to get my devices clean, otherwise the firewall/gateway would not detect what was already in my devices. So, that's been my problem, not sure when to do what, after making sure everything is right in place to start clean again.

Sep 20, 2023 9:20 AM in response to Community User

Re: JetsamEvent-2023-06-25-224214


This is probably the first indication all is not well.

"csTrustLevel" : 0,


Secondly, these are a few of the other indicators:

"ManagementTestSubscriber"
"betaenrollmentd"
"com.apple.SiriTTSService.TrialPr"
"ManagedSettingsAgent"
"InteractiveLegacyProfilesSubscri"
"LegacyProfilesSubscriber"


Check other logs for a Beta Identifier UUID, and if one is not knowingly enrolled in the Apple beta program and does not have the TestFlight app installed, that'll confirm an active Stealth Developer is controlling the device.


Take a screenshot of a Beta Identifier UUID and visit the Apple Store and ask them why it is there when their website clearly states it is only present when you’ve enrolled and have the TF app installed.

