Mismatched Trust Store Version on iOS 16.5

I do not have a school or business login. That is the problem. I’m not suppose too. But it shows I already have a login and in fact I am logged in. That is the security issue. Someone has created a login and logged me in on my phone. I cannot see a profile and do not know as you said the organization to contact to get it off my phone. I guess it would be called a MDM. So that is a security issue because whatever organization has logged my phone in is also in control of my phone now. Right?

Well, I was the Security person installing a complete PKI system at a banking site. It involved creating key pairs for both the server and the client. So the client would have a private key for his part of the connection, and the clients public key was available to view the encrypted data. Likewise, in this scenario, the server had a public and private key as well. This is a very secure method of connectivity with key “exchange”. However, an SSL site may not always provide a key exchange. You will get a security certificate to view encrypted data, but a key pair exchange does not occur without the entire key pair exchange. I think Proton email provides this type of key exchange, but not all “ssl” sites. It can be a bit complicated. This info came from an ssl dot com site:

”Discussions of PKI will quickly lead to you SSL which require a private key and a public key. The private key is held on the web server. The public key is embedded in the SSL certificate. When you visit a website and you see that lock to the left of the address bar, and the URL says https, your browser will automatically download that public key along with the certificate, which confirms that the website is indeed who it presents itself to be.” This validates the site, but not the client. A key pair exchange is required to have a 2 way encrypted exchange with PKI key pairs, vs a single SSL web site. It’s been a while since I worked on this huge project. But while SSL and PKI are related, they are not the same thing. It is much easier to use SSL vs full PKI with 2 key pairs. It’s too much for this forum, but searching on PKI bs SSL provides lots of info about the differences.

I looked everywhere for the trusted asset version 1002. Not to be confused with the store trust version. I didn’t find any consistent information, some said it’s the MDM, others said Pegasus virus, a couple of people said it means you have had fraud, another said it’s financial issues, while others said it’s random? I called as well. I also found a friend of mine has the same number? I apologize, I can’t locate a consensus anywhere. All of my devices have been compromised badly (and that’s been confirmed). But I have no way to know if 1002 has anything to do with that. It would be nice to know. The information is scarce.

Wow! I looked at your screen shot. I’ve been a victim of a targeted attack that’s been going on a while. If anyone ever gets their hands on your device, and has seen you type in the PIN, that’s it (if they have malicious intent). Mine started after a one month hospital stay, welcome home. I’m at the point where I would get rid of the phones if possible. Everything else has been compromised. This will likely get deleted, as most with this subject. But when you logged out, the xfinity (hotspot?) disappeared? I have another phone that had over 100 certificates installed, some looked shady. But I don’t know how to see them on an iPhone. A reformat of that device, and reset of network connections did not help.

T3ddy19 wrote:

That was me in response to your posted response from an unknown email address used to send you a message.

Ah, okay. No wonder I was confused. TLS (technically, STARTTLS) wasn’t used on that mail message, as STARTTLS was less common in decades past.

As you are somebody with IT familiarity, package up a detailed description and a reproducer and forensic evidence, and build a cause, and report it. This thread (so far) is not that.

The only way to see a certificate on a iPhone I believe is the way my phone is showing it. It’s only revealing itself because it is not approved by Apple. That way they can control my phone by tricking it to think I’m on secure sights when most likely I am not and maybe even sending me to their sites. I hate fake things. Will probably get rid of all phones now as well. No sense in having a fake phone. LMAO! My life!

So, you do a great deal of programming? I found a lot of JavaScript programs created under “short cuts”, it included using port 22 under ssh to my router, I guess to get the SAM file? I’m not sure. I had about 87 other programming scripts as well, at least a couple were transferring files to downloaded (not by me) cloud services (not Apple). All of my personal data is gone now. Another program from the App Store provides the capabilities to use other programming languages. I’ve noticed that scripts that seem innocent actually do something completely different. I don’t know where the file definitions are kept (Internet?). I can say some are not good at all! But I guess any device could use various programming languages? I did a little programming, but over 40 years ago. Relational databases using VB. Later on, I did some web pages using mostly html. I’ve been able to decipher some of the JavaScript, but not when words actually refer to something completely different. I wish I knew a forensics person that could help me, but I can’t find one. Even my incoming WI-FI network is compromised. I’ve seen several others with identical issues, if they don’t get deleted. I wish Apple would allow the posts to go through. I know someone got an older iPad while I was very sick, that’s where it started, then downloaded and hidden programs, I’d see the icon for a day or so, (MDM being one of the first), then email manipulation apps (with good intent used for bad reasons), screen recorders, and so on. And so much more. I have some of the scripts, but wouldn’t want to post them.

One Lady has been experiencing this for 4 years! I’m getting there. I disconnected cables to router and modem, but a Wi-Fi connection is still being used! I’ve tried everything. I’m trying to get everything together and get rid of everything, but can’t identify “everything”. I know it’s PCs, phones, iPads, IoT, more things I’m hesitant to say. And once the programs are installed, the icons no longer show up anywhere, but the activity is still happening. Sigh.

I‘m having the same issue, an MDM was downloaded to my personal device and I can’t see it, I saw the icon when it was downloaded, but not after. The MDM has a lot of control over your device and can allow or disallow many things. It sounds like it would be a great security feature, if the true owner had control. I saw where you asked if I knew why I was being targeted. Well, nobody should be targeted this way! I might normally say it’s due to my work history, banking, finance, aerospace and insurance (Security in all). But not in this case. As Mr Hoffman stated, this is an “elite” attack, or appears so. In my case, I think it’s someone I know. I do wish I knew a forensics investigator. With a subpoena, you can find out who is doing this. But thats if you can find someone to do this (attorney).

T3ddy19 wrote:

As Mr Hoffman stated, this is an “elite” attack, or appears so.

Re-read what I wrote. What was claimed would be. So far, nobody’s posted anything that couldn’t also be explained by benign and expected activities, particularly around cases involving carrier-related apps, or by the ever-popular dodgy hardware. Three pages of random screenshots, random telemetry, and other such is not sufficient evidence. Part of that exploit risk determination involves answers to situational and background questions that should not be posted here, too.

Ok, that message actually went to Miss Fiddy? But it appears that often when a message is sent to one member of a topic, it goes to all. Also, if the post has been removed, when the link to respond is selected, there is no longer the original message. As you mentioned, the moderators may remove the post. I was wondering why I was receiving what appeared to be so many questions when if fact, they were more of “updates” or responses to a category. Like Trust Versions, MDM and so forth.

Apologies if I misunderstood. However, I was screen sharing with a senior advisor, going through various anomalies, and he agreed the device was compromised. However, I would not want to post details on an open forum. But many have indicated they have the exact same symptoms.

T3ddy19 wrote:

Ok, that message actually went to Miss Fiddy? But it appears that often when a message is sent to one member of a topic, it goes to all.

You can't send a message to just one person here. Everything you post is added to the thread and everyone can see it.

Hi Teddy,

Soooo how long has this been happening to you? Im so sorry it is. I have found through out the almost 7 years now of enduring this, the saddest part is feeling hopeless. People who are not being attacked and abused like this just dont understand. They think this is not possible, it's outrageous. I wish it were. Most people will not fully believe you. They will be skeptical. The more I see this, I am just happy to know the majority of people are still in the real world, where everything works, things go their way, it's easy for the most part. It makes me happy most people will never need to experience this awful terrible existence. I remember when it started happening....I was driving around my beautiful dream car in West Hollywood on vacation loving life. When I realized what was happening I was in shock. I cried. I knew I would loose everything..what was even worse is knowing myself so well, how strong I am, I knew unfortunately I would survive to see to much of this. Two close friends of mine knew what I was talking about. They died the first year this started happening to me. I could have only been so lucky. I hope this message finds you well.

I was in the hospital for a month when my iPad mini 2 (no longer used but kept with other older devices in storage. 1st set of surgeries were 2021, then again in 2022. I thought it started around this time, but later on, I found altered things going back to 2018! It became the worse in 2022. Nearly all of the data that would have provided evidence of fraud, like my email account and Apple ID were deleted. I had many recent charges for nefarious programs that were “hidden”. I was not aware this was a “feature”. My grocery delivery service was also deleted. That deleted an excessive amount of purchase details. I do have images of the icons that showed some of the programs that were dowloaded, then they used a managed hotspot that I never purchased and could not delete. They connect to managed hotspot, then use Bluetooth to access other devices (such as all IOS, Windows, my printer, streaming media, home alarm and much more. I’m a former certified global IT security manager, and I get the same treatment, such as “that’s impossible” and more related comments. But a senior IT support rep using a remote session looked at my phone, and many of the changes and confirmed I was compromised.

Although it sounds like Pegasus virus, it has a different name for this years version. The app for MDM downloaded to IOS and other operating systems, while the downloaded app was visible, once it was installed it disappeared. The same is true for other programs that were created for good purposes, used for malicious purposes, such as email manipulation, filtering or blocking web sites for security research, emails to security companies (the emails were set to auto delete, hide, or redirect.

There is too much going on to try to hit the major issues. But I’ve seen a lot of ppl that have listed the same issues in detail. Many topics get deleted. I don’t have enough “points” (you get them when someone clicks on “Helpful”. Sometimes I’ll get a message that will already be deleted.

there are a couple other remote access apps (one actually showed on my Home Screen before it was hidden. You are not suppose to be able to hide installed programs, but they will show up at various times, such as a screen recorder that was installed using an alternate or alias ID. I went to the site, and it immediately kicked off a 45 minute scan! After 45 minutes, I received a link to the recorded session from the vender, I tried to open it, and I did not have permissions. It also captures screen shots, this is evident when looking at links or history, different locations, but one is open web sites, when I shrink the current site I’m on in Safari, some sites will show letters, such as “DA” or the user or site name, while those viewed will show a big eye ball (and no images from the site) and in the lower right hand corner, a square icon that looks like a window with bars. If you click on that, it will select all text on that page. One example of many programs that I can’t get rid of, reformatting or buying new everything does not help. In my case, I feel it started with the hidden MDM. In September this year, the install icon showed up again. I tried to install it on my iPad that had not been connected by me for over 6 months. And I’d disconnected my network months ago. But when I clicked on the icon, it said something like “you need to contact your system administrator to use this app, you don’t have permissions”. All of my devices are personal, and not belonging to a business. I get other messages related to a MDM (Apple Configurator). I’d Planned on creating a small non profit blog site, but have no working computers. If I did, I would install the Apple MDM on all devices. I can see how it could prevent many attacks with all the restrictive and detailed settings, from settings on the Apple Device, such as Focus (or do not disturb), to restricting web sites, and even password requirements.im not sure how it handles scripts, or custom programming under short cuts, but if block that.

I’d wanted to add more pics, but by the time I removed all personal info, there was nothing left!

I’m not certain how long, had “mild”

things as far back as 2018, but things became very bad 2021-now. I’m going to try to send 2 pics related to previous discussion, MDM and screen recorder app (I did not purchase either), it seems like the MDM appears every year or more.