iPad rootkit or jailbreak?


26 replies to this topic

#1 Dcvfrid


Posted 13 December 2022 - 12:10 AM

Hello,

 

I believe my iPad has a rootkit installed, or some other back door is available. I would have included the requested information but obviously it’s not useful for diagnosing an iPad. The model number is A1674.

 

Can anyone help me look into this? Thank you.




#2 Dcvfrid


Posted 17 December 2022 - 06:55 PM

It’s been five days, and apparently the topic has moved. I still need help, thanks.



#3 Goddess_Bastet


Posted 18 December 2022 - 12:39 PM

The only option would be to reset the iPad to factory default & choose to delete everything which would remove any hacks.

Is there a reason why you believe there’s a rootkit installed?


Virginia.

Please note: If my replies are ignored by the op then no further help will be offered by me.


#4 greg18


Posted 19 December 2022 - 01:21 PM

> The only option would be to reset the iPad to factory default & choose to delete everything which would remove any hacks.
>
> Is there a reason why you believe there’s a rootkit installed?

They probably Jailbroke it. A simple Factory Default reset would not remove any Jailbreak software, they would have to install the correct .ips from Apple using a computer to remove any software changes.



#5 Dcvfrid


Posted 29 December 2022 - 01:46 PM

> The only option would be to reset the iPad to factory default & choose to delete everything which would remove any hacks.
>
> Is there a reason why you believe there’s a rootkit installed?

 

Strange behavior that isn’t consistent with software bugs. Missing features that spontaneously reappear. Changes to Lock Screen that are intermittent. Changes made in settings that I didn’t make and which aren’t consistent with a configuration reset from an update or install.

 

> > The only option would be to reset the iPad to factory default & choose to delete everything which would remove any hacks.
> >
> > Is there a reason why you believe there’s a rootkit installed?
>
> They probably Jailbroke it. A simple Factory Default reset would not remove any Jailbreak software, they would have to install the correct .ips from Apple using a computer to remove any software changes.

 

I didn’t jailbreak the device in question.

​

​

​ There is an example for you. The enter key is producing those characters instead of line spacing. It appears to be a taunt from an active, unwanted participant. EDIT: It did this spontaneously just now, writing this message.

​

​ I also have reason to believe our WiFi is compromised. How can I collect data to use to stop this intrusion, both the software and internet? Thank you.


Edited by Dcvfrid, 29 December 2022 - 01:47 PM.


#6 greg18


Posted 29 December 2022 - 09:17 PM

Those are not behaviors of WiFi or the device being compromised; those are behaviors of a faulty device that needs to be repaired or replaced.



#7 Dcvfrid


Posted 30 December 2022 - 10:13 AM

> Those are not behaviors of WiFi or the device being compromised; those are behaviors of a faulty device that needs to be repaired or replaced.

Believe me, I have managed to differentiate the two. A lot of the behaviors are not isolated to this device. A faulty device does not sporadically change the theme of websites you visit. Many of the other behaviors exhibited are too intelligent to be a simple hardware malfunction.

Can people in this discussion please assume that I have not jumped to this conclusion without evidence and instead focus on helping me with what I requested? I could really use the help. Thank you.

Edited by Dcvfrid, 30 December 2022 - 10:19 AM.


#8 Goddess_Bastet


Posted 30 December 2022 - 10:51 AM

Have you reset the iPad to factory default?
Have you installed a fresh version of the iPadOS via iTunes?


Virginia.



#9 Dcvfrid


Posted 30 December 2022 - 01:13 PM

> Have you reset the iPad to factory default?
> Have you installed a fresh version of the iPadOS via iTunes?

Whoever is responsible for this intrusion has had the time and intention to affect other systems. I don’t have access to an Apple device that I trust is not itself affected. How do you recommend I obtain a copy of iOS that is fresh?

 

 

I would be happy to reset the iPad, but is there a way to copy the contents of the local memory directly? As I see it, I would have to remove the hard drive to do that. I don’t want to leave myself vulnerable to this same intrusion in the future, so understanding the nature of how it occurred is important, and thus deleting valuable information regarding the intrusion without first backing it up seems like a bad decision.

 

EDIT: to be clear, I believe any iCloud backups will be manipulated to exclude the information I described, hence why dumping the local memory directly is the only alternative apparent to me.

 

Thank you for your time.


Edited by Dcvfrid, 30 December 2022 - 01:16 PM.


#10 Goddess_Bastet


Posted 30 December 2022 - 03:11 PM

You can do this via a Windows PC/laptop with iTunes installed, you would then choose to reinstall the iPad OS. There’s no way to remove the hard drive from an iPad. 


Virginia.

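The iTunes (or Finder) backup the reply above points to is the only local copy of the iPad's contents a user can make without iCloud, so it is worth inventorying before the device is wiped. The script below is an added example and not code from the thread: it reads the backup's Manifest.db and lists the app bundle IDs and installed configuration profiles, so the owner can record what was on the device and spot anything they did not install. It assumes an unencrypted backup folder (in an encrypted backup Manifest.db is itself encrypted and must be decrypted with the backup password first) and the Manifest.db `Files` table layout used since iOS 10; the profile domain and path constants are assumptions and are marked as such in the code.

```python
"""Inventory a local (iTunes/Finder) iOS backup before wiping the device.

Added example, not code from the thread. Assumptions: an UNENCRYPTED backup
folder, and the Manifest.db 'Files' table layout used since iOS 10
(fileID, domain, relativePath, flags, file). The profile domain and path
constants below are assumptions, not verified against this thread.
"""
import sqlite3
from pathlib import Path

APP_DOMAIN_PREFIX = "AppDomain-"
# Assumed location of installed configuration profiles inside a backup.
PROFILE_DOMAIN = "SysSharedContainerDomain-systemgroup.com.apple.configurationprofiles"
PROFILE_PATH_PREFIX = "Library/ConfigurationProfiles/"
FLAG_FILE = 1  # flags: 1 = regular file, 2 = directory, 4 = symlink


def open_manifest(backup_dir):
    """Open Manifest.db read-only so the evidence copy is never modified."""
    db = Path(backup_dir) / "Manifest.db"
    return sqlite3.connect(f"file:{db}?mode=ro", uri=True)


def app_bundle_ids(conn):
    """Bundle IDs of every app that has files in the backup."""
    rows = conn.execute(
        "SELECT DISTINCT domain FROM Files WHERE domain LIKE ?",
        (APP_DOMAIN_PREFIX + "%",),
    )
    return sorted(r[0][len(APP_DOMAIN_PREFIX):] for r in rows)


def configuration_profiles(conn):
    """Relative paths of installed configuration profiles (plain files only)."""
    rows = conn.execute(
        "SELECT relativePath, flags FROM Files WHERE domain = ? AND relativePath LIKE ?",
        (PROFILE_DOMAIN, PROFILE_PATH_PREFIX + "%"),
    )
    return sorted(path for path, flags in rows if flags == FLAG_FILE)


def unexpected_apps(conn, allowlist):
    """Bundle IDs that are not on the list the owner wrote down themselves."""
    return [b for b in app_bundle_ids(conn) if b not in allowlist]


def build_sample_manifest():
    """Constructed in-memory Manifest.db standing in for a real backup."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Files (fileID TEXT PRIMARY KEY, domain TEXT, "
        "relativePath TEXT, flags INTEGER, file BLOB)"
    )
    rows = [
        ("a1", "AppDomain-com.apple.mobilesafari", "Library/Preferences/x.plist", 1, b""),
        ("a2", "AppDomain-com.example.notes", "Documents/notes.db", 1, b""),
        ("a3", "AppDomain-com.example.notes", "Documents", 2, b""),
        ("a4", "HomeDomain", "Library/SMS/sms.db", 1, b""),
        ("p1", PROFILE_DOMAIN, PROFILE_PATH_PREFIX + "profile-0.stub", 1, b""),
        ("p2", PROFILE_DOMAIN, PROFILE_PATH_PREFIX, 2, b""),
    ]
    conn.executemany("INSERT INTO Files VALUES (?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn


if __name__ == "__main__":
    import sys

    # With a backup folder as the argument, inspect it; otherwise use the sample.
    conn = open_manifest(sys.argv[1]) if len(sys.argv) > 1 else build_sample_manifest()
    print("apps:", app_bundle_ids(conn))
    print("profiles:", configuration_profiles(conn))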


#11 greg18


Posted 30 December 2022 - 03:24 PM

Again those are hardware issues that show the device is faulty. If it was rooted which means Jailbreaking it, you would see different behaviors if someone tried to take the device over. Resetting it with a fresh OS copy is not going to fix hardware issues.

#12 Goddess_Bastet


Posted 30 December 2022 - 04:17 PM

> Again those are hardware issues that show the device is faulty. If it was rooted which means Jailbreaking it, you would see different behaviors if someone tried to take the device over. Resetting it with a fresh OS copy is not going to fix hardware issues.

Then I leave the op in your hands as you seem to have experience in this matter.  :)


Virginia.



#13 Mat_1922


Posted 30 December 2022 - 11:35 PM

I think the same.
```
vmSummary" : "ReadOnly portion of Libraries: Total=1.0G resident=0K(0%) swapped_out_or_unallocated=1.0G(100%)\nWritable regions: Total=65.9M written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=65.9M(100%)\n\n VIRTUAL REGION \nREGION TYPE SIZE COUNT (non-coalesced) \n=========== ======= ======= \nActivity Tracing 256K 1 \nColorSync 16K 1 \nCoreAnimation 16K 1 \nDispatch continuations 6144K 1 \nFoundation 16K 1 \nKernel Alloc Once 32K 1 \nMALLOC 55.8M 43 \nMALLOC guard page 128K 8 \nSTACK GUARD 48K 3 \nStack 2096K 3 \nVM_ALLOCATE 1024K 1 \n__AUTH 3500K 447 \n__AUTH_CONST 27.6M 691 \n__CTF 756 1 \n__DATA 17.3M 681 \n__DATA_CONST 33.8M 695 \n__DATA_DIRTY 3562K 592 \n__FONT_DATA 2352 1 \n__LINKEDIT 308.2M 4 \n__OBJC_CONST 6622K 473 \n__OBJC_RO 78.8M 1 \n__OBJC_RW 2436K 1 \n__RODATA 5776K 2 \n__TEXT 714.8M 711 \ndyld private memory 256K 1 \nmapped file 29.1M 3 \nshared memory 48K 3 \n=========== ======= ======= \nTOTAL 1.3G 4371 \n",
"legacyInfo" : {
"threadTriggered" : {
"queue" : "com.apple.main-thread"
}
},
"trialInfo" : {
"rollouts" : [
{
"rolloutId" : "6081ed9716bb6d61d81d5014",
"factorPackIds" : {
"BIFROST_PROD_1" : "63ab3daf2d41213e73573571"
},
"deploymentId" : 240002159
},
{
"rolloutId" : "6081eda9c724863038027c4f",
"factorPackIds" : {
"BIFROST_PROD_2" : "6386a132b2301345401e1862"
},
"deploymentId" : 240000982
}
],
"experiments" : [
```

#14 Mat_1922


Posted 30 December 2022 - 11:40 PM

iOS 16.2 iPhone 14 6 days old

This from the bottom of a crash report relating to messengeruiwidgetextension

#15 Mat_1922


Posted 30 December 2022 - 11:44 PM

Bifrost Trojan

Phone exhibiting all symptoms.. and yes I know this can't happen

But it is happening. This phone is the second one to be replaced under warranty
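The JSON posted above is the tail of an iOS `.ips` crash report body. The Python below is an added example, not code from the thread or from Apple: it parses such a body into the triggering queue, the virtual-memory region table from `vmSummary`, and the rollout entries under `trialInfo`, which is where the fragment above shows the `factorPackIds` names living. Reading the names from that section, rather than grepping the file for a string, keeps the provenance of each identifier attached to it when the report is triaged. `SAMPLE_BODY` is a constructed body shaped like the fragment, with a shortened region table; the note in the docstring about the one-line header preceding the body in a real `.ips` file is an assumption about the file layout, and only the body is parsed here.

```python
"""Parse the tail of an iOS .ips crash report: vmSummary and trialInfo.

Added example, not from the thread. A modern .ips file is assumed to be a
one-line JSON header followed by a JSON body; only the body is parsed here.
SAMPLE_BODY is a constructed body shaped like the fragment in the thread.
"""
import json
import re

SAMPLE_BODY = json.dumps({
    "vmSummary": (
        "ReadOnly portion of Libraries: Total=1.0G resident=0K(0%) "
        "swapped_out_or_unallocated=1.0G(100%)\n"
        "Writable regions: Total=65.9M written=0K(0%) resident=0K(0%) "
        "swapped_out=0K(0%) unallocated=65.9M(100%)\n\n"
        " VIRTUAL REGION \n"
        "REGION TYPE SIZE COUNT (non-coalesced) \n"
        "=========== ======= ======= \n"
        "Activity Tracing 256K 1 \n"
        "MALLOC 55.8M 43 \n"
        "MALLOC guard page 128K 8 \n"
        "__CTF 756 1 \n"
        "__TEXT 714.8M 711 \n"
        "dyld private memory 256K 1 \n"
        "=========== ======= ======= \n"
        "TOTAL 1.3G 4371 \n"
    ),
    "legacyInfo": {"threadTriggered": {"queue": "com.apple.main-thread"}},
    "trialInfo": {
        "rollouts": [
            {"rolloutId": "6081ed9716bb6d61d81d5014",
             "factorPackIds": {"BIFROST_PROD_1": "63ab3daf2d41213e73573571"},
             "deploymentId": 240002159},
            {"rolloutId": "6081eda9c724863038027c4f",
             "factorPackIds": {"BIFROST_PROD_2": "6386a132b2301345401e1862"},
             "deploymentId": 240000982},
        ],
        "experiments": [],
    },
})

_UNITS = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}
# Region names may contain spaces ("MALLOC guard page"), so the name is lazy
# and the size/count columns anchor the end of the line.
_ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<size>\d+(?:\.\d+)?)(?P<unit>[KMG]?)\s+(?P<count>\d+)\s*$"
)


def size_to_bytes(size, unit):
    return round(float(size) * _UNITS[unit])


def parse_vm_regions(vm_summary):
    """Region name -> (bytes, count) from the table between the '====' rules."""
    regions = {}
    in_table = False
    for line in vm_summary.splitlines():
        if line.startswith("==="):
            if in_table:
                break  # second rule closes the table; TOTAL follows it
            in_table = True
            continue
        if not in_table:
            continue
        m = _ROW.match(line)
        if m:
            regions[m["name"]] = (size_to_bytes(m["size"], m["unit"]), int(m["count"]))
    return regions


def parse_crash_body(body_text):
    """Pull the fields a triager wants out of the crash report body."""
    body = json.loads(body_text)
    rollouts = [
        {"rolloutId": r.get("rolloutId"),
         "factorPacks": sorted(r.get("factorPackIds", {})),
         "deploymentId": r.get("deploymentId")}
        for r in body.get("trialInfo", {}).get("rollouts", [])
    ]
    return {
        "queue": body.get("legacyInfo", {}).get("threadTriggered", {}).get("queue"),
        "regions": parse_vm_regions(body.get("vmSummary", "")),
        "rollouts": rollouts,
    }


def factor_pack_names(parsed):
    """Factor-pack names, taken only from the trialInfo.rollouts entries."""
    return {name for r in parsed["rollouts"] for name in r["factorPacks"]}


def largest_regions(parsed, n=3):
    """The n biggest regions by mapped size, for a quick look at the layout."""
    return sorted(parsed["regions"].items(), key=lambda kv: kv[1][0], reverse=True)[:n]


if __name__ == "__main__":
    report = parse_crash_body(SAMPLE_BODY)
    print("queue:", report["queue"])
    print("largest regions:", largest_regions(report))
    print("factor packs:", sorted(factor_pack_names(report)))
```

To run it on a real report, split the file at the first newline and pass the remainder to `parse_crash_body`.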



