How can I tell if my iPhone is hacked?
I read the analytics for my iPhone. What does “NW_L2_CELLULAR_DUAL_SIM_STATUS_SUPPORTED_BUT_UNLNOWN” mean? Has my iPhone been hacked by Dual Sim?
[Re-Titled by Moderator]
iPhone 13 Pro Max, iOS 18
Analytics are designed to be used by people with special training and special software tools. They will tell you, the end user, nothing useful. Because they are not intended for the end user, the terms they use can seem scary or confusing. My recommendation is to stop reading them.
"Hacking" is only going to be an issue if you have jailbroken your phone or if your data would be worth hundreds of thousands of dollars to acquire.
My uneducated guess is that means your phone is capable of using two SIMs but is not currently doing so. But, again, it doesn't matter.
jodine211 wrote:
My phone has been on Lockdown for about eight months. Now neither Apple nor I can turn off Lockdown. They told me to wipe my phone, which I did on this same phone about 18 months ago, after which I was hacked at that time in their store as they have public WiFi. It took me five agonizing hours to get things right, and I was basically ignored during that time despite their knowing what was happening.
So to confirm the current situation, this matter has been ongoing for eighteen months, possibly longer, and without resolution?
Given the ongoing concerns and previous discussions, I’d expect you will have already received the available security-related suggestions, and have considered those suggestions and implemented those as appropriate, and this all without resolution of the reported issues. Though one such suggestion received and seemingly discounted was the device reset to clear whatever got Lockdown Mode reportedly stuck.
After a year and a half or quite possibly longer, it would seem unlikely you'll get new or different suggestions here.
Getting hacked as reported is also rare and targeted, based on available reports. The exploits are not cheap, given a full remote exploit with no user input and with persistence is worth one to two million dollars, roughly, and that’s a very well funded adversary you’re reporting.
Which leaves you to decide on your path forward here, whether that path might include learning more about hacking and digital forensics yourself (and reading telemetry probably isn’t the best path), or potentially contracting for the assistance of a data forensics provider — and that assistance won’t usually be cheap.
I’m not at all certain what responses you might expect from this or any other forum discussion. Particularly given data forensics and related questions around your status and risks are deeply intrusive, and not happening via a forum.
No, the employees at the Apple Store are not trained on reading analytics data. The only use for them is when an Apple Engineer requests that information after opening a support ticket for an issue you are currently experiencing. They will only request it if they believe there is any value depending on that issue, and in most cases it is not needed. They also use specialized software for decoding.
Developers of apps can also log messages that would be viewable in analytics and helpful to them only when they are looking to debug a problem, but once again, it would not be helpful to the user.
I’m a former Apple Store manager. I no longer have a relationship with Apple. Analytics is like taking one page out of a 500-page novel and trying to explain the entire story. Analytics is potentially 100s of pages of raw data that takes special software to put the data into and generate reports that can be reviewed by Apple engineers. Are you a hardware or software engineer?
How do I get my analytics reviewed by Apple? Have a warranty support issue and have Apple Support access the raw data you’re seeing on your iPhone. Otherwise, you’re chasing your tail and learning nothing and wasting a lot of people’s time and energy. There is nothing you can learn from reviewing raw analytics. Nothing.
You should not be reading your iPhone’s analytics. The reason is because we users simply don’t understand it, and we need the special software only Apple employees have to read it. Your iPhone is most likely not hacked by Dual SIM either way. But if you want to confirm, go to Settings > Cellular and see how many lines are connected.
jodine211 wrote:
I read the analytics for my iPhone. What does “NW_L2_CELLULAR_DUAL_SIM_STATUS_SUPPORTED_BUT_UNLNOWN” mean? Has my iPhone been hacked by Dual Sim?
iPhone 13 Pro Max is a dual-SIM model, with either two physical SIMs, or with a SIM and some number of eSIM slots available.
Typo in your posting aside, that particular telemetry can be associated with the following detail:
"l2Report_cellularDualSimStatus":"NW_L2_CELLULAR_DUAL_SIM_STATUS_SUPPORTED_BUT_UNKNOWN",
Put differently, that's normal and benign log chatter, and not a reliable indication of compromise.
Why Apple has chosen to report UNKNOWN there is not something they've documented, same as the lack of documentation for their abbreviation choices, and for the entirety of the telemetry log contents.
As for telemetry in general, finding indications of malware or of compromises in logs is certainly possible, but it's akin to looking for needles in haystacks, without knowing what the needles look like, and the numbers of haystacks involved are always increasing. And without any certainty that any needles are present. And in the majority of cases, with no needles present. Or the haystacks with needles got deleted.
Deleted? Malware strives to avoid leaving traces in the telemetry too, with some recent malware using the expedient of deleting the logs. Intentionally leaving traces makes malware and exploit tooling far easier to detect, too.
If you suspect you are a potential target for attacks involving mercenary tooling or such, and are reading telemetry log files, what (other) indications of compromise have you encountered, and what general steps have you taken here? Presumably, you've considered implementing security keys and a recovery key, and enabling lockdown mode. What of these and other steps have you already implemented?
Just to ease your concern, you can see that exact same message in the analytics data seen here also. Nothing unusual.
https://discussions.apple.com/content/attachment/1e0b5a39-4572-428a-9944-143c91f8a273
jodine211 wrote:
I read the analytics for my iPhone.
That is the problem
Has my iPhone been hacked by Dual Sim?
Nope!
jodine211 wrote:
Well, I was told at the Apple Store that they are not trained to read the analytics, so I guess I will have to find someone who can.
Hire an out-of-work Apple developer?
And it does matter or I wouldn’t have asked in this forum.
We have explained to you why it does not matter. You thought it was important because you misunderstood the purpose of analytics. Now you know differently.
My phone has been on Lockdown for about eight months. Now neither Apple nor I can turn off Lockdown. They told me to wipe my phone, which I did on this same phone about 18 months ago, after which I was hacked at that time in their store as they have public WiFi. It took me five agonizing hours to get things right, and I was basically ignored during that time despite their knowing what was happening.
How do you get an Apple person to read your analytics and respond to your question? I was told at the Apple Store by an Apple employee that they aren’t trained in log analytics.
Well, I was told at the Apple Store that they are not trained to read the analytics, so I guess I will have to find someone who can. And it does matter or I wouldn’t have asked in this forum.
My partly educated guess is 100% the same.
For the OP: don’t read the analytics if you don’t understand them; that will only scare you.
Thank you. I would explain my situation, but know that I will bring this up to Apple Support. I appreciate your knowledgeable answer. Thank you.