How do I stop someone from controlling my iPhone 16 and Apple Account through unauthorized WiFi connections?

The carrier and Apple have been very generous as this is not a hardware issue and cannot be. There is no hardware issue that could cause your Apple password to reset.

Unlike the other people who do not think there is an indication of a hack (compromise, etc) I do think it sounds like you are being stalked or harassed, almost certainly by someone you know or someone they have put up to this.

The way they do this is by having access to your email, as well as adding themselves to your accounts as a 2FA (the code you get via text). They are accessing your accounts the regular way, by having your password and access to your email. To solve this you need to change them all at the same time. Also, if you have ever reused passwords on any website, you need to change all of those passwords the very next thing, and do NOT reuse passwords on ANY website. Learn how to use a password manager such as 1password, it will be far less work than you've already done. I doubt you'll do it but all I can do is tell you how to fix it. It's critical that you do some of these very quickly, ideally in the middle of the night or something when they would be asleep, this will prevent them from getting access again. The rest can be reset afterward once you know they don't have access to your email.

An important note about passwords: if your mom's name is Dorothy and she was born in 1950, and you use dorothy1950! as your password on every website, no matter if you have slight variations or anything, that is trivial to guess for someone who knows you or learns one password.

Obviously you need to make sure you don't lose these passwords! You will lose access to everything if you do. Use a program to generate new ones then write them or print them, along with what service the password is for (again, do NOT reuse them on multiple sites, ever). You may want to back up your photos in case you just somehow cannot keep track of this piece of paper or something, I dunno. Make multiple copies and hide one in your house, do whatever it takes to not lose these.

First, do some prep work. You need to remove any Apple devices they may have added to your account:

• Go into the find my app and remove any devices you do not physically possess or recognize
• This is how they can get 2FA login codes that will grant them access, they can probably also reset your Apple Account password this way. It's important to remove these first
• Remove any of their phone numbers or email addresses from the account so they can't get 2FA codes that way or use them to 'recover' the account and gain access

Without delay, after removing any devices, phone numbers, or emails they added to the account, do all of these promptly:

• Reset apple account password
• Reset your email password. If you have multiple emails reset them ALL
• Reset any google passwords you have
• Reset Facebook password
• Reset bank passwords
• Reset your password for your phone carrier login (Verizon, etc)

Now they will not have direct access to your accounts. Next, without waiting or delaying, you need to make sure they cannot regain access to your accounts with the following:

• Go through all of your email accounts and remove any phone numbers or emails they may have added. These might be in a 'recovery contact' section or just added normally. These can allow them to regain access by doing a 'lost password' button and having a link sent to their email
• Do the same for any google accounts
• Do the same for your phone carrier
• Do the same for Facebook
• Do the same for your bank(s) / credit cards / etc
• Do the same for Apple (again!). You needed to do this FIRST, but just in case you missed something or they added themselves back

Also this goes without saying (I hope), but you need 2FA enabled on every account. Otherwise anyone with the password can log in. You need 2FA enabled.

Now, you can take a break, sleep, eat, whatever and feel confident they CANNOT access those specific accounts. After this you can take the long and painful steps of resetting every single password on each site you've ever signed up for. This is going to take a long time, but you really have no option or you don't care if they can access it and mess with you. It's a huge amount of effort.

But the good news is that if you just use a password manager and don't reuse passwords, you can make it so you don't need to do that again later!

Once you've changed all of those passwords and removed all of their emails, etc. You should be safe. If any were joint email accounts, you need to create new accounts and switch to those instead just fyi.

There is one thing, some of the things you mentioned are simply not possible regardless of whether they can log into your account or not. I will tell you which ones are possible to do via iPhone, which are possible to do a different way but not thru iPhone, and which are not possible to control and therefore it was a random setting or something:

• An iPhone's wifi or bluetooth cannot be controlled by anything outside of the phone (except a specific case that is only related to corporate owned phones, which does not apply). Apps on the phone have very limited ability to change wifi or bluetooth and cannot do it without you approving it. Outside of a phone purchased and configured by a corporation where they can pre-configure wifi, there are no exceptions to this.
• Your bank account cannot be controlled through the phone, however they clearly are in your email and can either reset any password or just log into your bank and change settings. Not related to your phone.
• Since much of this has nothing to do with your phone, obviously you can get 100x new phones and it won't change. They are in your email which allows them access to anything, and to reset any password
• Having a 'managed wifi account' is something added by a corporation I mentioned above, it's called an MDM profile. It's not possible to automatically install these outside of a corporate owned phone. You would need to have installed them, and Xfinity provides them to allow access to their network. All they do is allow you to automatically connect to a certain wifi when you're within range. They cannot be harmful themselves unless they can physically get your phone within wifi range (~50ft) of a network they have set up specifically for this purpose. Even then they can't do anything but see which websites you're visiting (they can't get data or modify anything). It's incredibly unlikely they would go to this trouble because it's difficult to do, it doesn't give them ANY significant capabilities, AND it's very easy to avoid by staying away or turning off wifi. you don't need to worry about managed wifi networks. You can always remove them by fully resetting your phone and setting it up from scratch (the only way they can come back is a corporate owned phone OR you installed them)
• MacOS Sequoia is the latest version of Apple's Mac operating system and is unrelated to tracking anyone or anything like that. It being part of your searches could indicate they logged into your google account and searched for it, however that in itself seems unlikely and has no impact on yourself. It is not harmful
• Your vehicle having a 'timer' has no connection to your iPhone. You need to document exactly what is happening with facts because it's unclear what some of this means
• You need to consider the possibility that not everything that happens is related to this. While some things, like an email account, can be controlled, and there are reasons to do so, things like setting a timer on a flip phone is not plausible. It is not impossible but think of it like someone hiring Sean Connery to become James Bond and pull an Ocean's Elevens style heist to steal a $1 burrito from a gas station. It is not impossible according to the laws of physics, but it's just not realistic in any sense
• Recording people can be done with phones. If they have had physical access to the phone in the past, there are apps designed to spy on people they could install (iPhones by and large are not impacted due to Apple's security, which there are no known hacks currently). After resetting your passwords, reset the non-iPhones to remove any extra apps
• The programs you listed are all normal standard programs

Again, the key to all of this is:

• They have access to your email
• You reused passwords
• Your passwords are easy to guess

Those three things make it pretty easy for anyone to take control of your accounts. Since once you have the email, you can reset other passwords easily. Follow the steps above and if you are careful, they won't be able to get back in. Most of the other stuff is unrelated, as iPhones cannot be remotely controlled regardless of whether they have your login or not, it's just not possible (may people try for helping relatives, Apple doesn't allow it and it cannot be 'hacked' in on any iPhone from the past 8+ years.

Watisay wrote:

I’m sorry you think that it is unlikely!! It’s very likely! Malicious and downright destroying me! I am a 53 year old woman recently split with my ex! He’s not capable of this, but one of his family members is! It’s almost to the point that I feel like a child! The control not only goes along with the phone but my vehicle! It now has a timer keeping track of me and my Mothers antique flip phone!! We were eating supper the other night and her phone kept going off! I went to hook it up to charge and it had been recording us for an hour and 45 minutes! I don’t know where to go or what to do!!!

You are reporting being targeted by exploit tooling worth millions of dollars and by an immensely well-funded adversary. That tooling is very targeted based on available information.

A fair amount of this involves allegations of criminal activity as well, which is a discuss best with a lawyer, or with police, including whatever evidence you have accrued.

That all puts your reported situation well outside of what can be addressed around here.

You’ll want to conduct a detailed review of your security and your related practices, quite possibly obtaining forensics of your devices, and quite possibly also changes in how you store and maintain your devices and your information. None of which can happen around here. None of which is likely going to be free, either.

Nothing in that list is even a minor indication your phone, computer or accounts were compromised. I don't think they have been, to be blunt. But since this is clearly concerning to you, I recommend the following:

1. Go to your bank and have your online banking account deactivated. Have the ability for online transactions disabled and require a physical card and PIN for all transactions. You will not be able to buy anything online, of course.
2. Contact the three credit bureaus - Equifax, Experian and Transunion, and have credit freezes put in place. This will prevent any credit-related transactions from taking place unless you unfreeze your credit - no mortgages, property rentals, credit cards, loans or anything involving credit checks.
3. Stop using smart phones. Have your carrier provide you with a basic phone that supports calling and texting only, plus whatever built-in functions the phone provides. No App Stores, no Apps.

brandon-fryslie wrote:

• Having a 'managed wifi account' is something added by a corporation I mentioned above, it's called an MDM profile. It's not possible to automatically install these outside of a corporate owned phone. You would need to have installed them, and Xfinity provides them to allow access to their network. All they do is allow you to automatically connect to a certain wifi when you're within range. They cannot be harmful themselves unless they can physically get your phone within wifi range (~50ft) of a network they have set up specifically for this purpose. Even then they can't do anything but see which websites you're visiting (they can't get data or modify anything). It's incredibly unlikely they would go to this trouble because it's difficult to do, it doesn't give them ANY significant capabilities, AND it's very easy to avoid by staying away or turning off wifi. you don't need to worry about managed wifi networks. You can always remove them by fully resetting your phone and setting it up from scratch (the only way they can come back is a corporate owned phone OR you installed them)

Carrier Wi-Fi offload networks are automatically installed as part of carrier network provisioning, will show as managed networks, and do not involve the installation or use of MDM profiles.

Carrier Wi-Fi offload networks are also not evidence of a security compromise.

Watisay wrote:

I keep telling them that “someone” is controlling me! My device, my WiFi, Bluetooth, absolutely everything!

This is so unlikely as to be almost not worth considering. Unless you have data worth hundreds of thousands of dollars, no one is going to spend the money required to remotely access your iPhone's data. More mundane, less nefarious explanations make more sense.

I am not receiving vital information, about my bank account, (hacked twice! Purchasing Apple and google products) ruined my credit! Even hidd n notifications for an apartment and extremely good jobs!

That sounds as if you may not have set up notifications properly or you have Focus enabled.

Use notifications on your iPhone or iPad - Apple Support

View and respond to notifications on iPhone - Apple Support

Set up a Focus on iPhone - Apple Support

You might also want to do a Safety Check:

Safety Check for an iPhone with iOS 16 or later - Apple Support

We'd like to help but you won't answer any questions or show us any evidence. Let's try again.

The three WiFi profiles - what are they called? - a screen shot would be best.

The apps that have been downloaded to your phone that you have not downloaded - what are they called? - a screen shot will help.

If you give us information we might be able to help but if you just continue to assert things which are difficult to believe then there's nothing we can do.

Watisay wrote:

Since my last response, I was locked out of my account! But found some interesting new “programs” available on my device!!! I called Apple support and started telling them what they were and where they were coming from!! I wish I could post pictures! So. Tell me now what you think!

The Chromium

Git Repository

Google Open

Freenode

Github Page

Chrome Flags

Chrome Version chrome://version

Codereview chromium.org

Examples of what I found!!!!!

Command Line —use-mobile-user-agent-top-controls-hide-threshold-d=0.5—disable-domain—reliability—order file-memory-optimization—use-mobile-user-agent—enable-pinch——enable—viewpoint—

validate-input-event-stream-enable-long press-dragselection

And it goes on and on!!

CHROME FLAGS

74.0 3729 136

Warning Experimental features ahead! By enabling these features, you could lose browser data, or compromise your security or privacy. Enabled features apply to all users of the browser.

Override software list

override built-in software

Ignore geo blacklist

Disabled

Accelerated 2D canvas

enables the use of the GPI

#diable accelerated 2D canvas

Enabled

Composite render layers borders

Select HW strategies

Tint GL composited content

Show overdraw feedback

Partial swap!!!!

And it just keeps on going! When I talked to Apple support they wanted meme to contact law enforcement! But that’s a joke!! I have reported being hacked, because there has been money has been taken out of my bank account several times! Purchases from Apple and Google! My social security has been compromised! And nobody cares!!! Got any suggestions???

A list of benign app-related text strings is not credible evidence of a compromise. Nothing among those text strings is relevant to security. Well, not unless that was a list of somebody's passwords. Which seems unlikely.

All US social security numbers should be considered public information, given the widespread use of those strings on financial and official documentation, and given the multiple mass compromises of that data. Freeze your credit reports certainly, though a freeze unfortunately isn't a reliable means of blocking shenanigans.

Money allegedly stolen from your bank account is a banking matter, and potentially a criminal matter. No one here can assist with that. That's between you, your bank, your lawyer, and local police.

While nothing you have posted in this thread is an indication of a security issue, continuing to use devices and online services that you allege are compromised by immensely expensive exploit tooling and by immensely well-funded adversaries seems imprudent.

If you are using Chrome, Gmail , or signed into a Google account using web searches and concerned at all about your personal information or tracking, then you should delete those apps and close your Google account. That is not a device problem, that is a Google account problem.

No one is trying to ridicule you. You are not providing any details that anyone at all could use to actually diagnose what's might be occurring. you claim that you have been hacked, someone asks for details, you repeat that you've been hacked and get more indignant. Rinse and repeat.

So, like Zurarczurx just said - how about something like a screenshot of these strange profiles, the names of these apps you say you didn't download...how about anything at all that someone could actually try to diagnose?

Zurarczurx wrote:

"There are 3 “Managed WiFi” accounts on my phone! Through my carrier, but they won’t even address that issue!?" I've asked for screenshots and names but get nothing back - in fact when anyone asks for hard evidence the OP wanders off somewhere else.

Most every user has managed wifi networks provided by their cell provider. I would actually be curious to know which one does not, as every major carrier I know of uses them. They are for access to WiFi networks of partnered providers when cellular connection is poor or non existent. T-Mobile uses them for a partnered connection with an Airline for inflight WiFi, Verizon offers WiFi in many major sports stadiums, and AT&T allows connections to their own WiFi networks.

Going to Settings > WiFi > Edit will reveal the Managed Networks provided by the cell provider. Removing the SIM card makes them immediately go away. This concern has been appearing more frequently, so I suspect there has been a recent uptick in the Social Media posts spreading fear to anyone that will listen.

Zurarczurx wrote:

I'm in the UK and have never seen any managed networks. There aren't any on my phone. There is, of course, a massive list of every airport, client, train, pub, ... etc., that I've ever used and I'm sure that people can be manipulated to believe that this, among other innocent stuff, is evidence that they are being "hacked".

Managed Wi-Fi networks are common with cellular carriers in the US (and potentially elsewhere), as part of offloading cellular traffic onto carrier Wi-Fi networks.

Virtual network operators (MVNO) can be quite keen on this cellular offload too, particularly if they run other networks such as cable TV networks.

The carrier will load known Wi-Fi networks as part of the carrier settings.

These networks will appear as “managed” networks.

There will be no matching MDM profile loaded, as the Wi-Fi networks are loaded via the selected SIM or eSIM and that carrier’s carrier settings.

In normal circumstances, the Wi-Fi network names will not be deletable by the user (except by removing SIM or eSIM), and will match carrier documentation.

The iPhone itself will not otherwise be managed or supervised.

Zurarczurx wrote:

The managed WiFi accounts are probably from your carrier to allow you to use their public wifi when its available.

But even managed Wi-Fi doesn’t allow anyone to access anything on your iPhone.