Jump to content

iOS Issues / Spyware


Recommended Posts

Didn't happen on my 10.5" iPad Pro. Still waiting to see what happens on my iPhone 7. May depend on what options are enabled.

Why the "Spyware" in your subject? The dialog you are describing (would be best if you posted a screenshot of it) certainly sounds like something unexpected has occurred in iOS and a diagnostic file is being prepared which you can then elect to use in a Feedback entry to Apple or simply ignore.

Edited by alvarnell
Link to post
Share on other sites

Because I've hired a security analyst and he has determined that this is a EXPLOIT, and is not normal iPhone behavior.  That should only pop up if and when you are working with a Apple Specialist, DIRECTLY, to allow extra permissions on the device for them to connect and diagnose any problems. I'm sure you can imagine the security implications considering the admin privileges that this provides, it's a security issue, as the device is recognizing that Apple is trying to connect with it, but they are not. Location data, screen sharing, etc. This "Start Diagnostics With Apple Support" occurs on ALL of my devices, as well as some family members' devices. He's identified it as spyware, and is currently working up technical details and the logs for Apple, although he's sure that they are already aware of it and have chosen not to patch the exploit, as he's seen this before.

Now, if your device(s) were doing this, and not everyone else's, would that not draw a red flag that something is not right? 

Link to post
Share on other sites

I can't say your analyst is wrong about this, but there are explanations other than working with an Apple Specialist for a sysdiagnosis file to be produced on an iPhone. I've done it myself when troubleshooting a software issue. But there is no way for me to exfiltrate this file without my attaching the iPhone to my Mac. Having not needed to troubleshoot my iPhone with an Apple Specialist, either remotely or at a Genius Bar, I can't say whether they have a means of extracting the file remotely or not. I will say that the App Store reviewers have not been perfect in their ability to spot security issues with apps before approval, but they are doing somewhat better recently at preventing apps from obtaining information they cannot justify a need for and preventing such information from leaving the device. You haven't indicated what the vector being used for this supposed exploit, but most all have come from an App Store app, at least on a non-jailbroken iDevice. Of the rest, almost all come from state sponsored hacks targeted against small groups and industry.

But I digress. If the only reason you came here was to verify behavior, I doubt you will get much more feedback here, especially on the weekend. The Apple Support Community Forum will likely give you a wider representation of users. If your security analyst has identified a pice of software that he believes is responsible for this behavior, then I'm certain that Malwarebytes would welcome taking a look at it and has provided a Newest Mobile Threats forum where you can upload any suspicious software which only experts can access it.

Link to post
Share on other sites

  • Staff

There is a BIG difference between something that is abnormal and malware. Just because you're seeing something unusual does not mean your devices are infected.

This "Start Diagnostics with Apple Support" is something that allows Apple to collect data from your device. My understanding of the process is that the collected data goes directly to Apple, and gets added to an existing support ticket that you should have open. That said, I've seen reports of cases where, for whatever reason, the diagnostic request never gets closed properly by Apple, and continues to appear.

As I see it, there are a couple likely possibilities:

  1. You're encountering a rare bug, perhaps caused by some specific configuration of your devices
  2. Apple Support still has a case open, perhaps in error, or perhaps because they're still waiting for you to submit data and you thought the case was closed

Either way, contacting Apple Support would be the way to go. Be sure to contact them via legitimate means (ie, don't Google something like "Apple support phone number" and then call the number that comes up), as listed on Apple's support site:

https://support.apple.com

I can't say with 100% certainty that it's not possible for an attacker to use this to get data from your phone or to infect your phone, because 100% certainty does not exist. However, I can say that this behavior is not known to be associated with any iOS malware or attacks. It does not seem likely to be malicious, since the diagnostic data should go directly to Apple.

Can you provide more information about how you found the security analyst that you're working with, and what specifically they have told you? 

Link to post
Share on other sites

It is most certainly Spy/Malware.  My security analyst is preparing his report for Apple Security.  Apple sent me a new phone, but oh no, it got "delayed" at FedEx in Memphis, TN and didn't move (no scans) for a full day. Item arrived late, and it was tampered with as well.  Currently working with my analyst and he advised me to contact FedEx Security as well as Apple.  Just wanted to post this to give others a heads up.  If you've never had Apple connect to your new device, it should not be saying a apple specialist is trying to start a diagnostic session straight out of the box. 

Also, emails (including this one, thats why I'm just now responding as I didn't get it on my old device) and text messages wasn't showing on my old device. However, they are magically showing up (old emails I had never received) on a different device. So, they were filtering my emails and messages as well. 

Link to post
Share on other sites

  • Staff

I can't provide any additional concrete information based on that, as I still don't have enough information to go on.

However, I will say that if you have somehow managed to attract the attention of the sort of people who are capable of intercepting your packages and tampering with them, that's nation-state-level activity. In other words, that's the sort of thing that would require the resources of a government or other extremely powerful organization.

Thus, since the options here are either that you are misinterpreting things as spyware that really aren't or you've got a very powerful organization spying on you, either way it would not be appropriate to continue the conversation here. I'd advise you to continue working with Apple through private channels.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.