
MDM on personal iPhone - Businesses, unauthorized developer activity HELP!

I am a personal 'User'. I have cycled through many hours and days with support. No one knows what is going on. Most likely because I am never able to speak with someone that understands the Enterprise platform. I feel this is happening via my carrier, but Fraud sent me to Tech support. Tech support told me my phone is hacked and to file a police report.

In combination I suspect that MDM is a gateway for an external developer to access my phone via various methods: webkit, Xcode, Apple Store Connect, SDK

I am about 99.99% sure I know why, but that is something that I will not disclose because most likely all of my activity is monitored; despite the very strict privacy settings I try to maintain.


Symptoms:

  1. My apps will sometimes tell me they did not come from the App Store (Maps, Find My iPhone, etc.)
  2. When I make an attempt to chat with Apple support I receive a message to Use Messages to Connect with Business. When I have my iPhone in LOCKDOWN mode I receive a message that I cannot use Messages for Business when my device is locked down.
  3. I only have one device. However, I am sharing across devices- many times or I have the option to. The choice is not grayed out.
  4. I am unable to perform an Emergency Reset because I am usually sharing something - Notes, Home, Health, Books....
  5. I do not use iCloud Drive due to multiple security concerns. Almost every time that I double check those settings apps show that they are using iCloud Drive. (Game Center, Health or Fitness, Notes, Books, Apple Support, Wallet) While clicking to turn OFF syncing I have had a battle with it changing right back before my eyes. (I have screen recordings)
  6. Game Center will come on even though I have strict Screen Time settings.
  7. I am generally either sharing, or my phone is gathering data from Health; even though that privacy option is supposed to keep that from happening.
  8. Sometimes I am unable to even sign out of my phone due to 'restrictions'.
  9. I have 'Share with Family' sometimes

*Those are only a few symptoms. That is minus the horror I see from the extraction of information I backed up into Kali Linux

As I have mentioned, I have spent many, many, many hours with Support. One Senior Director did spend time Googling the services that show up in my Analytics. I have even uploaded screenshots and documents, but I never heard back.

I REALLY REALLY need help here.

I will add attachments. They won't be nearly the amount I have. I am begging!!!



iPhone 13, iOS 16

Posted on Apr 2, 2023 2:32 PM

Question marked as Top-ranking reply

Posted on Apr 3, 2023 6:45 AM

Sadly, there doesn't seem to be any help and the ones that will respond, will tell you you are either crazy or you can't be hacked unless you have your device to someone.


For what it is worth, I have been dealing with this and here is what I have learned: you need to delete your old Apple IDs and confirm that they are deleted. You may not be logged in to any (neither was I) but it has something programmed into the IOKit boot so you cannot reset the NVRAM properly, leaving the Find My process to look as if the activation lock is on.


Make appointments for each apple product to have a firmware/software update through DFU mode and make sure it is DFU because a factory restore will not remove the cache that is lingering in the files. This should all be done at the same time otherwise it will talk to the other device and reestablish itself.


The factory reset you are doing doesn't work because it does not empty the trash and it seemingly blocks any terminal command to do so as well.


Before you boot up your computer(s) & phone(s), delete and confirm you have deleted all of your previous Apple IDs. Write down the code it provided to delete the ID because chances are you will have to call to confirm its deletion.


If you have a Google ID, check to see if you are enrolled in any trial-based Workspace or Firebase programs. Workspace allows device control as well.


I have changed our TV's and printers but it still seems to latch on to any printer so now we do not print. Debilitating to say the least.


I believe that there are enough of us out there to confirm that this problem exists but Apple will not respond until they have fixed it. I know it sucks. Two-factor everything, and I wouldn't suggest any external USB or Thunderbolt security keys.


I also would not suggest any products other than Apple. That will only make your situation worse, even the keyboards, because it will load a generic driver onto your device. Only use Apple wires as well. I am definitely not an Apple advocate, only sharing what I have come to accept and learn.


You may have to go line by line in Settings on your iPhone to turn off everything that you do not use, and if there is an arrow on it, click to make sure there is not an opportunity to bypass your defaults. The Mac computer is the same, and there are probably about 100 plists that will try to alter your default settings, so do not take anything for granted until you have clicked through it all. Plists are just preferences, and Apple will tell you that it does not mean that they are being used. That is absolutely correct, but the plists I have seen start with NVRAM and an fmm (Find My Mac activation), which is a huge problem.


For whatever reason it uses NFC and MDM, BUT MDM does get removed later on during the process. It keeps respawning. So it isn't necessarily MDM as much as it is trying to be, so I presume that there is some detail in the MDM program that helps it get what it needs.


The shared cache you are seeing is, at best guess, all of the info it has collected on you and will keep looping together. This is just a guess, but I have been watching it on mine as well. I could 100 percent be wrong, but I believe the cache is what keeps this process communicating between devices.


There are enough of us out there with this problem. I am sure that we have a common thread but I have no idea what it could be. I just know that no one is going to help me or my family and I am just going to have to do my best to keep my kids safe.


I could bring a new computer into this house and within ten minutes watch it try to harvest my old Apple IDs, while Bluetooth sniffing and trying to connect to something nonstop. Eventually, it gets back in and the new ID becomes corrupt, I delete it and start again, hoping the last Apple update resolved this issue. Two years later and I am headed back to the Apple Store today to pick up a couple of devices.


I wish someone had better news for the both of us but this is the best advice I can give you.


160 replies

Apr 4, 2023 7:36 AM in response to AgentDragonfly

If you see nothing in your VPN & Device Management section, your next step is an emergency reset. If you need help performing an emergency reset, you can call 1-800-MY-APPLE (1-800-692-7753) or schedule an appointment to visit an Apple Store. Unless you are a high-profile government official or a journalist covering contentious areas, this will likely solve your issue.

Jun 3, 2023 7:56 PM in response to AgentDragonfly

I know a lot of what is happening and have documentation; read through my posts. But the knowledge does not help to remove the MDM. I wish I could help you. I have decades of security experience (now disabled). But even with Corp Security tools, I still could not remove this. I can’t even delete games. And people that say you are crazy just don’t understand the complex technology. The MDM tool does not appear to be complicated, but it causes a lot of damage. Please do write to IC3.org, it might help with the antitrust issue with MDM that the DOJ considers to be a high security risk!

Jun 26, 2023 4:47 AM in response to Community User

This is getting really bad. Why Apple and Google won’t address the elephant in the room is just so wrong.


I am seeing everything you guys are: the Wi-Fi is hacked, iOS iPhone and iPads, macOS MacBook Pro and Mac mini, Chromebook ChromeOS, Android phone.


I’ve been calling it InvisibleBeta and StealthyDeveloper because we can’t see it but they are there!

Jul 6, 2023 3:12 AM in response to GSS_544

@GSS_544


Oh man, I could have written your post. Do you have nearby Wi-Fi that isn’t yours? I suspect they’ve modified the router firmware and added them, I believe it’s possible. That or there is a 4G Wi-Fi gadget hidden somewhere! *grin


They’ve also got onto my website server. It’s a shame because it has really made me hate technology now. They send FaceTime and iMessages out despite them not being active. My logs are full of new and modified daemons and processes which are obviously not legit.


A lot of the scripts like you mention are from GitHub and developer betas and SDKs. Even my iOS SpringBoard is a beta version :(


The presence of beta identifier strings in logs and trial experiments is a sure sign you’ve been hit. I have found various evidence that suggests it’s been going on since at least 2019. They’ve really honed their hack. The majority of my logins now route through APIs (Google, Twitter, GitHub etc.). Tonight they locked me out of the account I use to post what I find on Blogger.


Lockdown is a joke, they still somehow are getting iMessages in and out on macOS and I have it off and don’t use it. My iPads have had it on since new and it’s running scripts.


Apologies for the rant, I’m just so over it but there is no escape. Aside from my sanity, they’ve stolen the fun that technology can be.

Jul 11, 2023 2:02 PM in response to gravityfed

More to gravityfed:

I guess you must get rid of everything that could have Wi-Fi, Bluetooth or mobile access, possibly DECT, but not sure. Getting just new Apple devices won’t help. So, router, modem, printers, PC, Apple, any old devices, all light bulbs, connected cameras, TV sets if vulnerable, Wi-Fi headsets, much more. Other devices as well. Idk if putting “smart” devices in the guest network would help if already compromised. And keep in mind, if you configure your smart device using something that resides in your regular 2-5 GHz router, you just crossed over.


There are many things that I can’t remember how to do (if I ever knew), like securing remote access with 802.1X; people get in my network within minutes. Firewall rules get overwritten in seconds. It seems very extreme. I was in Info Security for many years, never saw anything like this. And, you need a corp email/domain to read white papers about security tools! I’ve looked at the referenced logs you mentioned, “The presence of beta identifier strings in logs”, but what does that mean? I’ve seen installations of things, some worked, some did not. But could you give me a sample of what I’d look for with “identifier strings”? I know that the shorter JavaScripts store most data in the cloud, but have no idea how to view what is actually being done, unless it’s standard Apple stuff. I know simple words can mean something very bad? Have you reported to IC3 dot org? They have a major issue with the MDM, search on that and Antitrust. I hope they lock this stuff down.

Jul 11, 2023 2:24 PM in response to AgentDragonfly

Same here, just posted a lengthy blog. It’s likely someone you know. Family Sharing is used to spread malicious apps across other devices with different names within the same network! I also see health data that is not mine, an indication of syncing data. Everything IS likely being monitored. Do you ever see an eyeball on certain web sites? A lot of apps are hidden as well. The use of web clips is a sign of an MDM; it used web clips instead of Safari, but looks the same, but features are removed. Please read my last 3 posts. Changing settings won’t help much, as like you said, they get turned right back on! Keep an eye on “Shortcuts” but don’t execute them, some are dangerous. From what I’ve learned, you can’t remove this. I had an MDM before and the vendor removed it, but that was a different vendor. The previous posts provide some info to help. You likely will not like the answers I’ve found. I did not mention, but I read that iOS devices have a hidden Wi-Fi connection as well (it showed until an update, 13?), not certain. Request or look on Apple for hidden purchases. If you have a Windows PC, search on *mdm*.*, or %mdm%.% (I think the last one is right, that searches the root/system files, the first one was the rest of the files). You can’t get rid of it there. Read about Apple Configurator on the Apple site. Good luck!

Jul 11, 2023 2:31 PM in response to AgentDragonfly

You only own 1 device? No Windows or Android? Oh, it says Linux? Search on the file system for MDM. Those apps are likely fake! Search on 13 million iPhones compromised (2015?). It involved many fake apps. It’s likely someone you know with a Mac computer. I think the initial install must be done with physical access. You can’t get rid of it. But it also gets on everything!

Jul 14, 2023 3:18 PM in response to Daisy_Duke1

Pt 1

Daisy, I’m so sorry and I completely understand the **** you are going through. I’m a former Global IT Security Manager; it would seem like I could resolve it, but I can’t. I had someone install an MDM before to compromise my systems (Windows) but found the vendor name by doing a wildcard search and the vendor removed it.


I wrote way too much, so I have to cut this down. 1) If you suspect someone, ask them. It’s someone that has a Mac and has had physical access. 2) It installs remotely on everything; reformatting will not help, machine “serial number” and Wi-Fi are the same. They can scan your network for anything new. Write a request to Apple Security (although it may never actually be sent). Tell them the suspect's name if known. They won’t do anything to the person, but will watch them.

3) If they confirm the user, ask/tell them to uninstall; here, it’s a class H felony to monitor another’s conversations and it does a lot more than that.

4) Get a subpoena; some states allow you to go before a judge, others may require an attorney. Be clear and concise. Don’t use words that a non-IT person would not understand.


Apple collects absolutely everything; it all goes by serial number, no type of program can get around this feature. They know everywhere the device has been, who installed programs, and have all data, installations, emails, pictures, cloud storage, deleted emails, password resets, everything!


5) After you submit the subpoena you decide what to do from there: forgive? File charges? But most of all, ask for removal. As long as web clips are still found even after deletion, it’s still there.


Report the MDM to IC3.org! You will have to use another computer. Search the net for MDM, Antitrust, government. It’s a dangerous program to USA security!

I’m not an attorney; this is not legal advice.

Good Luck. And it gets on Windows as well.

Jul 24, 2023 9:51 AM in response to GSS_544

You can’t get rid of it unless you get a subpoena. Be very specific on the data you need (they keep it for 10 years). It is likely the person you suspect. The MDM has a “geo fence”, or designated area, that basically is used to scan the area around your house. Anything new automatically gets scanned and installed. There have been many reported cases of this same issue! Look at any “hidden” apps downloaded since it started; I didn’t know you could hide apps! You will likely see the Configurator, or MDM, plus several other apps, such as remote access. I had to get help from Apple to view hidden apps. Apple also provides scripting tools, so SSH (used for remote access), CMD and so on can be purchased in the App Store. They say you must be a company or school to purchase this? It goes by the serial number, which is also the Wi-Fi address, so unless the person/installer removes it, it will come back! Most of the script is stored in the cloud. You can see some of the scripts under Shortcuts (JavaScript). I’m not an expert with coding, but like you, I gave it a try. It’s been two years now, and things get worse as time goes by. They even used Siri to search communities for posts.



Jul 24, 2023 12:35 PM in response to AgentDragonfly

Ok, part 4, if I’m allowed 4 posts.


This is about 1%. Do a wildcard search on your Linux box using MDM, both in files and in root. I know nothing about Linux, but on Windows the search would be *MDM*.*, then the same for system or root files, but use the % in place of the *, then note the location. Other files will likely be listed under the same location. Many may be cab (or cabinet) files; most are encrypted.


OK, I’ll try to summarize again:

Collect data from all sources. Create a one-page summary by category: email, rogue emails (my Facebook account was removed after my address was used to send links to my no longer available contacts, a virus?). Also, look for emails that you did not send, and settings changes on device vs. on public. System changes are harder to document; you could use a video. Deleted or offloaded data (check for added cloud services other than iCloud). Look at FaceTime history; I deleted FaceTime and it came back. Rogue hotspots: scan the house for Wi-Fi, NFC, Bluetooth, RF and such. Avoid paying large sums to “pros” for scanning. Look at internal images of smart bulbs online. Look at YouTube to see how Wi-Fi can be added to almost anything! Document and provide images for the things you listed above, reference page numbers in the summary. Include recent attacks; they are difficult to find, but they are out there. The Attorney General in NYC got a lot of press on his find with Apple phones. There was another article on YouTube, also WSJ and iPhone attacks, but I don’t recall the details. I think if you can provide proof and get authorities interested in what it could do for them it might help; plus, it’s all (mostly) new, except Pegasus, which they keep announcing as new but it’s been around since 2015. They will also ask why you think you are a target, implying you are a nobody, why would anyone be interested in your information. There are articles on why people are cyberstalkers; look this up to provide an answer. My work history has included a couple of high target risks (such as banking Information Security) which has made me a target in the past, or it could be an ex BF or GF. Provide info on why.


I think everything has to go. Unless you are able to get it removed by the installer and you trust that it’s really gone. I hate to say that! And I don’t know what “everything” includes! In my case: alarm system, Rokus, PCs, iOS, Samsung TV (research vulnerable TVs), firewall (I'd replaced my router/firewall about 6 times hoping to block it before I knew what it was). Avoid using credit cards online; buy gift certificates specifically for Amazon, or other accounts. Watch closely charges on credit cards. Get a list of hidden apps ASAP; they don’t keep that info for long. It’s also good to keep dates of things happening, but that’s so much!


Some apps seemed to have opened a back door to other attacks, but that’s difficult to determine. If you find a smart bulb or other such device, you might want to call authorities to remove it, if they are willing. Some newer devices will unscrew, but one had a big visible green circuit board and emitted a loud Wi-Fi signal.


Check out devices on your router/firewall; try to identify unknown devices (if you can access the firewall). Note they may change the name of your Linux box to something else, so get MAC addresses if possible. And look for NFC; they look like little circles of paper! Look up online; scanners will pick them up.


I’ve tried everything I can: contacted vendors, replaced equipment, bought software, scanned, recorded on cameras. But I’ve not yet completed a report to IC3 dot gov, or finished a report to local authorities. First, it’s all been very difficult and excessive; second, not wanting to cause harm. But it gets worse, not better, at least so far. Also, like others, when I try to get help from various sources, something worse happens again! I wish we could speak in person. Good luck, let me know if you are able to remove this mess. PS, the DOJ and FBI are all over this MDM because it overrides all security and it’s very dangerous. That’s why you must report to IC3!
