My iPhone 15 has been cloned

ASCUN75 wrote:

With regard to “and there really isn’t a reason for the miscreant to even perform a Wi-Fi password change with that access;”, You are 100% wrong. It’s basic psychology that most of us learned in high school. These hackers are stalkers and need to show you who is in charge; who has the power.

Yes, and those miscreants do that by communicating with you. They prove their access. They make threats, allusions, whatever. More than a few other miscreants will claim compromises. Compromises that might not or do not exist. If anything, those latter (false) claims are both more costly, and more pernicious. And that's all a civil or criminal matter.

As for this case (and your suggestion around changing the Wi-Fi password to detect compromises), if the miscreant has changed the Wi-Fi password, that is either because of a router security breach (and older and cheaper and down-revision routers can have poor security), or because of a device or credentials breach elsewhere, and that password change shows across all devices. Unless the miscreant has gotten every device associated with that Wi-Fi, that change is very obvious, and there's no need to check it.

Nowhere in this am I claiming that iOS or iPadOS or macOS cannot be breached. They can be. They are, however, not particularly easy to breach. There are ways to misconfigure iOS and iPadOS and macOS and other platforms too, and ways to phish or spearphish or shoulder-surf credentials, of course—and the results of those attacks are very similar to the vastly more involved and more technical and more expensive compromises. If anything, I expect to be phished or spearphished eventually, too. (I've some experience with social engineering and remediation costs and a rather well known miscreant, they having breached the internal network of an organization I was then affiliated with. Some of them are quite good.)

The original posting in this thread is a rather different case, as they claim to be a high-profile target, and subject to some rather advanced adversaries for whatever reason. And that is why I suggested they obtain tailored security advice for their situation. Which probably isn't going to involve verifying the Wi-Fi password if that's suspected compromised, it's probably replacing the Wi-Fi network and connected hardware for higher risk cases, or involves a factory reset and updating and new passwords and passkeys everywhere.

There are other and vastly easier Wi-Fi attacks here too, not the least of which involves Pineapple or similar, too. (I first met a Pineapple-like Wi-Fi attack a decade or so ago, and in a high-level meeting by major platform vendor, and with that vendor's major customers and their senior management and security folks in attendance, as well as the vendor's president and their own most senior staff. All of the local Wi-Fi traffic was being collected during that meeting, and again during a subsequent presentation, unbeknownst to the platform vendor IT staff.)

But again, (solely) breaching a Wi-Fi network, or changing Wi-Fi network credentials doesn't give the miscreant additional device access, absent some other secondary (and larger) mistake. Most of us are routinely connecting to untrusted Wi-Fi networks, and most of us are not special-casing our own private networks. Which makes that Wi-Fi password network check seemingly rather less beneficial to local security in aggregate.

Your phone has not been cloned.

One or more of your online accounts may have been compromised, but your phone has not been cloned.

So long as you insist on pursuing it from the viewpoint that it has been, you will not be able to solve your problem.

Get tailored assistance from a reputable information security provider with your personal and electronic security, if you believe you are a high profile target. That evaluation needs to be wholistic, too; to consider all aspects of your activities and tooling and risks and requirements.

Yes, cloning is unlikely but certainly possible, but will disrupt your device operations as exactly one cellular device can be active and online at a time, and you will want to discuss that entire issue directly with your carrier.

You are encountering this "mindset" because your claim that your phone has been 'cloned' is simply wrong. That is simply not possible.

No "hacker" has access to your phone, direct or otherwise. It is simply not possible for anyone to gain access to your accounts remotely through your phone.

No one has gained access to your phone.

You already stated that your gmail account was compromised. It's a simple matter from there for the "hacker" to spread out and access any account you have linked to that email address in any way, especially if you're like many people and have used the same password across multiple online services.

You need to secure your accounts. The phone is not the problem.

They are directed at you from reality.

You can choose to reject it and substitute your own, but it will not alter the facts.

Your phone can not be accessed remotely.

Your phone has nothing to do with your problems.

You may want to engage the services of an identity theft specialist.

Best of luck.

I have learned from personal experience and also from talking with a guy who has a masters in cybersecurity and who works for the U.S. Defense Dept., factory resets do not remove everything. He told me that most companies that do factory resets do not reset the partitions so everything does not get wiped. You need to get the entire windows system removed and a new system installed.

In case this helps you, I want to explain our situation. I believe we were attacked because I blocked unknown devices from our home network that were hogging our bandwidth and buffering our TVs. Because after I did that, the attack began. Sparing you the details except what I think might be helpful, the month after the problems/attack began, I was on my windows laptop looking at the security section and Windows Defender. Everything looked fine. Windows was current. Security and malware protection was current; however, because of the situation I kept looking around and looked under the “Advanced” firewall settings. It was there that I saw the hacker typing all of these rules to turn off updates, bitlocker and other security settings, to log all the IP address’ of every device that connects to the wifi, in addition to other rules.He was also setting up servers and created profiles that were senior to mine. It was all way above my head. He did the same on my boyfriend’s windows computer. We have two Brother printers. A couple of months into this mess, the printers started humming and a printed page stated a warning about not making changes to the configurations. Now, every time my boyfriend prints something the printer hums/processes for a couple of minutes. This did not happen prior to the initial attack.On our Samsung TV something popped up about remotely controlling the TV and we noticed changes on another TV. They also changed the passwords multiple times on our router. Just today when reading up on all of this mess, I learned the attack they used was probably the Krack Attack. I will let you read up on this if you are not familiar with it. Also I have learned that they are probably using Simple Network Management Protocol (SNMP) to manage the activity on our network. What I learned is that usually 2 devices in a network log everything and report back to a network manager. I now believe that when I saw them creating rules and a server in our two laptops, they were setting things up under the SNMP.

I don’t have a complete list yet, but there are security settings on a router that should be made; ports should be closed, dns resolver used, and other security settings that, until you are hacked/attacked, people would not think about. You might want to call the manufacturer of your router and the company that provides your network security and tell them you are being targeted and that you need their advice. I am going to do this as soon as I feel that I have a clean device/phone.

A few other security things I have learned that I will share in case it can help: (1) your Apple ID email should only be used for your Apple ID, nothing else (2) turn off Bluetooth, WiFi AND auto joining of WiFi managed networks (3)turn off your router when not using it(4) use a hardware security key (for example a Yubi key) for any and all accounts that support them (5) Proton is a popular email for security (6) put your tvs, cameras, smart devices, etc on a separate ssd from your computers and cell phones. These devices are easily hacked. (7) Browsers have different features. Learn what they are. A couple of security sites advised to reserve one browser specifically for financial needs(8) Don’t let anybody on your WiFi. Before I understood the situation, I went to my sister’s house and got on her WiFi. The next time I went there she was so frustrated because she was getting locked out of her accounts, which is what they doing to me (9) On your iPhone, regularly delete your Safari history and data. I also close the pages. At least once a day (I do it much more than that), reboot your iPhone. I read an article published by John’s Hopkins. They did a study and learned that iPhones greatest protection is after a reboot.

Good luck

I did forget to mention one thing: an easy way to learn if the hacker has taken over your entire network is to remove one of your devices from the WiFi (I used a tv). When you are putting the device back on the network, delete any password that is auto populated and then type in the password that you know is correct. If the password is not accepted, you know that he is controlling your router.

Yes, the first 5-6 months I was majorly stressed out knowing that I was under attack, losing control over everything, unable to escape, not knowing how to protect myself, getting attitude and/or disbelief from those I contacted for help, and realizing I was on my own-that nobody could help me. While I have learned a lot online and by analyzing the behavior of my phone, I have also learned how much I don’t know.

ASCUN75 wrote:

I did forget to mention one thing: an easy way to learn if the hacker has taken over your entire network is to remove one of your devices from the WiFi (I used a tv). When you are putting the device back on the network, delete any password that is auto populated and then type in the password that you know is correct. If the password is not accepted, you know that he is controlling your router.

None of that is particularly what I would suggest. Wi-Fi router security can certainly be dicy (particularly when cheaper and/or down-revision), but a router password change is spectacularly obvious across all devices.

If the miscreant has sufficient access to suppress that by also changing passwords across all devices, iCloud Keychain and all devices’ security are also all catastrophically breached (password re-use?), and there really isn’t a reason for the miscreant to even perform a Wi-Fi password change with that access; they already have that and likely other passwords. And that problem and that breach is vastly larger and far more pernicious than having the Wi-Fi password.

Pragmatically, having the Wi-Fi password still doesn’t gain particular access into individual , as devices are routinely connected to potentially hostile networks. This absent configuration errors, or mistakes such as active passwords written in locally- and open-accessible files on local file servers or such.

Wi-Fi is also an afterthought to somebody with the capabilities to access cellular network protected data—the cloned SIM and such, or SS7 attacks as have been employed on occasion—as part of an espionage-grade attack. A miscreant with that access likely also has the Wi-Fi password, if they care to have it.

With regard to “and there really isn’t a reason for the miscreant to even perform a Wi-Fi password change with that access;”, You are 100% wrong. It’s basic psychology that most of us learned in high school. These hackers are stalkers and need to show you who is in charge; who has the power.

As the original poster stated, he will change something only to have it changed back. That has been my experience as well as others that have posted on this forum. Yes, some is driven by malware or a bot but some of this activity is controlled by an individual. I believe that person is called the bit “herder” but I could be wrong.

To the original poster, everything I have read advised not to sync devices.

To the naysayers, enjoy your online privacy while you still have it. Hopefully you will never lose it, but I believe the tide is turning and you are going to start seeing more and more postings regarding account and device takeovers.

Have a great day.

Hi, this is not difficult to believe as I have been dealing with a hacker/malware for almost 1 year. They have taken control over all of our devices. This is my 3rd iPhone this year in addition to cheap phones from Walmart and a Pixel 14 pro. I finally stopped running and have spent countless hours learning this phone, analyzing its behavior, and have spent countless hours reading up on cyber security.

I wish I could be of some help, but all I can do is empathize, although so far your situation is so much worse than mine …. And I thought mine was horrible. Try to ignore the harsh postings and cold feedback you receive from people. They have not walked in your shoes and are TOTALLY CLUELESS about the state of cyber security in today’s world. They have no knowledge of the fact that Apple’s security patches within the past 12 months and before patched vulnerabilities that gave an attacker kernel privileges. Safari, iMessage, Find My are a few of the apps that were being used to get kernel privileges. A person does not need to click on a link, respond to a phone call or text to get attacked. All that is needed to open themselves up to be hacked/attacked is to have a device online. And they NO CLUE that there are no businesses or organizations available to help people who are being cyber stalked. The feedback that I received from county and state law enforcement was a joke. They also have no clue.

I wish you the best.

Well, I never thought anything even close to being as devistating as war could possibly happen to me but here I am, an iPhone13 down, a Xiaomi Redmi Note 10T, 5 laptops, 9 HDDs, now a 5 Day old iPhone 15Pro (a Grand I Borrowed) with a new esim, number, mac & IPs, got the 1st hit in the Parking lot of AT&T where I spent 4Hrs on their phone just to get the New 15 to take an esim!

They wouldn't accept it back so now that I am certain I cannot trust it I have an expensive door stopper. I've Never quit a single thing in my Life, a former US Marine but I'm so sick of the games I will have to soon before anyone else thinks I'm just another crazy vet who rotated home, lost my family then went nuts however, y'all have given me some much needed strength knowing I'm not fully alone or a fruit & nut cake! I'll fight it until,.... I cannot anymore.

Y'all have a blessed day I've been up all night playing hacker war resetting, new #, esim, passwords, etc. I'm done for now. Stay safe & well protected! CJ