Trust Store Version

I’m currently on iOS 16.5 and my trust store version is 2023032800. According to Apple, the current Trust Store version for iOS 16 is 2022070700. Why is mine different?

iPhone 12 Pro, iOS 16

Posted on May 29, 2023 7:06 AM

Question marked as Best reply

Posted on Oct 9, 2023 12:01 AM

Oh new weird scary issue… I chatted on my message app with “Apple Support” today. When checking their icon in my messages it took me to the actual name of who I was speaking to. It read Apple Electronics Store lmao. When I asked the chat guy he said that it’s because the brand of Apple is the electronics store omg! He went on to say more too. Then at the end of the chat I was invited to complete a survey and the address is feedback.applesurveys.com!! It’s not even an Apple domain! So I’m pretty sure the hackers were chatting to me to get more info from me. Like my new phone number I had just gotten today hoping to fix this problem. I’ll have to get another new one now. But maybe you can verify if that is an Apple website. From what I found it’s feedback.apple.com. I’ll include photos as I thought it was pretty funny this guy’s explanation for why his Apple impersonation was below the mediocre line at best.

70 replies

Oct 10, 2023 4:05 PM in response to MissFiddy333

If you’re having issues with your school or business login, contact the associated IT organization.


The whois for the surveysapple.com domain is registered to Apple Inc., and I have references here to that domain in messages from Apple going back over a decade, too.


Based on your own use of whois, you will of course know all that.


The rest of the images posted here are seemingly immaterial.

Oct 10, 2023 5:19 PM in response to MrHoffman

I do not have a school or business login. That is the problem. I’m not supposed to. But it shows I already have a login and in fact I am logged in. That is the security issue. Someone has created a login and logged me in on my phone. I cannot see a profile and do not know as you said the organization to contact to get it off my phone. I guess it would be called an MDM. So that is a security issue because whatever organization has logged my phone in is also in control of my phone now. Right?

Oct 11, 2023 4:19 PM in response to MrHoffman

Well, I was the Security person installing a complete PKI system at a banking site. It involved creating key pairs for both the server and the client. So the client would have a private key for his part of the connection, and the client’s public key was available to view the encrypted data. Likewise, in this scenario, the server had a public and private key as well. This is a very secure method of connectivity with key “exchange”. However, an SSL site may not always provide a key exchange. You will get a security certificate to view encrypted data, but a key pair exchange does not occur without the entire key pair exchange. I think Proton email provides this type of key exchange, but not all “ssl” sites. It can be a bit complicated. This info came from an ssl dot com site:

“Discussions of PKI will quickly lead to you SSL which require a private key and a public key. The private key is held on the web server. The public key is embedded in the SSL certificate. When you visit a website and you see that lock to the left of the address bar, and the URL says https, your browser will automatically download that public key along with the certificate, which confirms that the website is indeed who it presents itself to be.” This validates the site, but not the client. A key pair exchange is required to have a 2 way encrypted exchange with PKI key pairs, vs a single SSL web site. It’s been a while since I worked on this huge project. But while SSL and PKI are related, they are not the same thing. It is much easier to use SSL vs full PKI with 2 key pairs. It’s too much for this forum, but searching on PKI vs SSL provides lots of info about the differences.

Oct 11, 2023 4:40 PM in response to MrHoffman

I looked everywhere for the trusted asset version 1002. Not to be confused with the store trust version. I didn’t find any consistent information, some said it’s the MDM, others said Pegasus virus, a couple of people said it means you have had fraud, another said it’s financial issues, while others said it’s random? I called as well. I also found a friend of mine has the same number? I apologize, I can’t locate a consensus anywhere. All of my devices have been compromised badly (and that’s been confirmed). But I have no way to know if 1002 has anything to do with that. It would be nice to know. The information is scarce.

Oct 11, 2023 4:56 PM in response to MissFiddy333

Wow! I looked at your screen shot. I’ve been a victim of a targeted attack that’s been going on a while. If anyone ever gets their hands on your device, and has seen you type in the PIN, that’s it (if they have malicious intent). Mine started after a one month hospital stay, welcome home. I’m at the point where I would get rid of the phones if possible. Everything else has been compromised. This will likely get deleted, as most with this subject. But when you logged out, the xfinity (hotspot?) disappeared? I have another phone that had over 100 certificates installed, some looked shady. But I don’t know how to see them on an iPhone. A reformat of that device, and reset of network connections did not help.

Oct 11, 2023 5:05 PM in response to T3ddy19

T3ddy19 wrote:

Well, I was the Security person installing a complete PKI system at a banking site. It involved creating key pairs for both the server and the client. So the client would have a private key for his part of the connection, and the client’s public key was available to view the encrypted data. Likewise, in this scenario, the server had a public and private key as well. This is a very secure method of connectivity with key “exchange”. However, an SSL site may not always provide a key exchange. You will get a security certificate to view encrypted data, but a key pair exchange does not occur without the entire key pair exchange. I think Proton email provides this type of key exchange, but not all “ssl” sites. It can be a bit complicated. This info came from an ssl dot com site:
“Discussions of PKI will quickly lead to you SSL which require a private key and a public key. The private key is held on the web server. The public key is embedded in the SSL certificate. When you visit a website and you see that lock to the left of the address bar, and the URL says https, your browser will automatically download that public key along with the certificate, which confirms that the website is indeed who it presents itself to be.” This validates the site, but not the client. A key pair exchange is required to have a 2 way encrypted exchange with PKI key pairs, vs a single SSL web site. It’s been a while since I worked on this huge project. But while SSL and PKI are related, they are not the same thing. It is much easier to use SSL vs full PKI with 2 key pairs. It’s too much for this forum, but searching on PKI vs SSL provides lots of info about the differences.


The private keys are necessarily present on both ends of the connection.


For HTTPS, the end that is usually most interesting is the one on the server, and that private key and the signed public key are then used to check the signed public key against the trust store.


There are applications where the certificates on both ends of the connection are verified.


The private key doesn’t leave the client or leave the server, but the private key is necessarily involved in the challenge-response math.


The clever part of PKE is how it doesn’t share the private keys present on each end, but does use them in the verification to “prove” their existence and correctness, and (when done right) sets up ephemeral keys to avoid cases where a subsequent breach of a private key allows previously-captured network connection data that used that key-pair to be decrypted. That would be bad. Oh, and how it uses math that’s easy to calculate in one direction, and hard in another; some operations are very difficult to reverse. The math underlying cryptographic hashes (digests) is also similarly one-way, but that’s fodder for another reply.


TLS inherently includes the handshake (this is the TLSv1.3 stuff for the handshake), the key exchange, and establishing the session keys (those preferably being ephemeral), the certificate verification, and negotiates the connection encryption algorithm used, among other details, and only then lights up the lock icon.


If you’re creating key-pairs for that bank, that’s either a self-signed setup with key-pairs for each connection, or generating a private key and a certificate signing request. The CSR is then signed by either a commercial certificate vendor, or by whoever is administering the local organization's own private certificate authority. The commercial signing providers are how most websites work, in conjunction with certificate vendors and the trust stores implemented by most (though not all) operating system vendors. The private stuff works just fine—I have various of these running—but does need a trusted path to load the public key into the various clients.


I’ve written a fair amount of TLS code (in mostly C and C++, though with some Swift) (the Apple PKE and TLS frameworks are easier than libtls, and libtls APIs are easier than OpenSSL APIs, and there are others of differing complexities), and designed and worked on various apps and app server configurations in enterprise environments, as well as writing a whole lot of documentation for both TLS and ssh connections, and more than a little troubleshooting. And yes, TLS and ssh are different in numerous ways, but the PKE parts work the same.


Most folks glaze over when discussing TLS, of course. Usually with good reason. 🤪
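Added example (not part of any post in this thread): the private-CA flow and the trust-store check described in the reply above, using the OpenSSL command line. The subject names, file names and helper functions are all made up for illustration, and the signed nonce is a simplified stand-in for proof of key possession, not the actual TLS handshake.

```sh
#!/bin/sh
# Constructed demo; every name and file below is made up for illustration.

build_pki() {   # $1 = scratch directory
    dir=$1
    # Private CA: a self-signed root that clients must load as a trust anchor.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Private CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # Server side: private key plus CSR. Only the CSR is handed to the CA.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=app.internal.example" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # The CA signs the CSR, producing the server certificate.
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -out "$dir/server.pem" 2>/dev/null || return 1
    # An unrelated root, standing in for a trust store that lacks our CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Unrelated CA" \
        -keyout "$dir/other.key" -out "$dir/other.pem" 2>/dev/null || return 1
}

verify_against() {   # $1 = trust anchor file, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

prove_possession() {   # $1 = scratch directory, $2 = key the prover holds
    dir=$1
    # Verifier issues a fresh random challenge.
    openssl rand -hex 32 > "$dir/nonce" || return 1
    # Prover signs it; the private key itself is never transmitted.
    openssl dgst -sha256 -sign "$2" -out "$dir/nonce.sig" "$dir/nonce" || return 1
    # Verifier checks the signature with the public key from the certificate.
    openssl x509 -in "$dir/server.pem" -pubkey -noout > "$dir/server.pub" || return 1
    openssl dgst -sha256 -verify "$dir/server.pub" \
        -signature "$dir/nonce.sig" "$dir/nonce" >/dev/null 2>&1
}

d=$(mktemp -d) && build_pki "$d" && {
    verify_against "$d/ca.pem" "$d/server.pem" && echo "chains to the private CA"
    verify_against "$d/other.pem" "$d/server.pem" || echo "rejected: CA not in trust store"
    prove_possession "$d" "$d/server.key" && echo "holder has the matching private key"
    prove_possession "$d" "$d/other.key" || echo "rejected: wrong private key"
}
rm -rf "$d"
```

The rejection against the unrelated root is why a private CA needs a trusted path for loading its certificate into clients: a certificate is only as valid as the anchors the verifier already holds.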

Oct 11, 2023 6:19 PM in response to T3ddy19

T3ddy19 wrote:

That was me in response to your posted response from an unknown email address used to send you a message.


Ah, okay. No wonder I was confused. TLS (technically, STARTTLS) wasn’t used on that mail message, as STARTTLS was less common in decades past.


As you are somebody with IT familiarity, package up a detailed description and a reproducer and forensic evidence, and build a case, and report it. This thread (so far) is not that.

Oct 13, 2023 9:29 AM in response to T3ddy19

The only way to see a certificate on an iPhone I believe is the way my phone is showing it. It’s only revealing itself because it is not approved by Apple. That way they can control my phone by tricking it to think I’m on secure sites when most likely I am not and maybe even sending me to their sites. I hate fake things. Will probably get rid of all phones now as well. No sense in having a fake phone. LMAO! My life!

Oct 13, 2023 1:28 PM in response to MrHoffman

So, you do a great deal of programming? I found a lot of JavaScript programs created under “short cuts”, it included using port 22 under ssh to my router, I guess to get the SAM file? I’m not sure. I had about 87 other programming scripts as well, at least a couple were transferring files to downloaded (not by me) cloud services (not Apple). All of my personal data is gone now. Another program from the App Store provides the capabilities to use other programming languages. I’ve noticed that scripts that seem innocent actually do something completely different. I don’t know where the file definitions are kept (Internet?). I can say some are not good at all! But I guess any device could use various programming languages? I did a little programming, but over 40 years ago. Relational databases using VB. Later on, I did some web pages using mostly html. I’ve been able to decipher some of the JavaScript, but not when words actually refer to something completely different. I wish I knew a forensics person that could help me, but I can’t find one. Even my incoming WI-FI network is compromised. I’ve seen several others with identical issues, if they don’t get deleted. I wish Apple would allow the posts to go through. I know someone got an older iPad while I was very sick, that’s where it started, then downloaded and hidden programs, I’d see the icon for a day or so, (MDM being one of the first), then email manipulation apps (with good intent used for bad reasons), screen recorders, and so on. And so much more. I have some of the scripts, but wouldn’t want to post them.


One Lady has been experiencing this for 4 years! I’m getting there. I disconnected cables to router and modem, but a Wi-Fi connection is still being used! I’ve tried everything. I’m trying to get everything together and get rid of everything, but can’t identify “everything”. I know it’s PCs, phones, iPads, IoT, more things I’m hesitant to say. And once the programs are installed, the icons no longer show up anywhere, but the activity is still happening. Sigh.

Oct 13, 2023 1:41 PM in response to MissFiddy333

I’m having the same issue, an MDM was downloaded to my personal device and I can’t see it, I saw the icon when it was downloaded, but not after. The MDM has a lot of control over your device and can allow or disallow many things. It sounds like it would be a great security feature, if the true owner had control. I saw where you asked if I knew why I was being targeted. Well, nobody should be targeted this way! I might normally say it’s due to my work history, banking, finance, aerospace and insurance (Security in all). But not in this case. As Mr Hoffman stated, this is an “elite” attack, or appears so. In my case, I think it’s someone I know. I do wish I knew a forensics investigator. With a subpoena, you can find out who is doing this. But that’s if you can find someone to do this (attorney).

Oct 13, 2023 2:06 PM in response to T3ddy19

T3ddy19 wrote:

As Mr Hoffman stated, this is an “elite” attack, or appears so.


Re-read what I wrote. What was claimed would be. So far, nobody’s posted anything that couldn’t also be explained by benign and expected activities, particularly around cases involving carrier-related apps, or by the ever-popular dodgy hardware. Three pages of random screenshots, random telemetry, and other such is not sufficient evidence. Part of that exploit risk determination involves answers to situational and background questions that should not be posted here, too.

Oct 13, 2023 2:08 PM in response to MrHoffman

Ok, that message actually went to Miss Fiddy? But it appears that often when a message is sent to one member of a topic, it goes to all. Also, if the post has been removed, when the link to respond is selected, there is no longer the original message. As you mentioned, the moderators may remove the post. I was wondering why I was receiving what appeared to be so many questions when in fact, they were more of “updates” or responses to a category. Like Trust Versions, MDM and so forth.

Oct 13, 2023 6:08 PM in response to T3ddy19

Hi Teddy,


Soooo how long has this been happening to you? I'm so sorry it is. I have found throughout the almost 7 years now of enduring this, the saddest part is feeling hopeless. People who are not being attacked and abused like this just don't understand. They think this is not possible, it's outrageous. I wish it were. Most people will not fully believe you. They will be skeptical. The more I see this, I am just happy to know the majority of people are still in the real world, where everything works, things go their way, it's easy for the most part. It makes me happy most people will never need to experience this awful terrible existence. I remember when it started happening... I was driving around my beautiful dream car in West Hollywood on vacation loving life. When I realized what was happening I was in shock. I cried. I knew I would lose everything... what was even worse is knowing myself so well, how strong I am, I knew unfortunately I would survive to see too much of this. Two close friends of mine knew what I was talking about. They died the first year this started happening to me. I could have only been so lucky. I hope this message finds you well.
