"Stingray" Entry in iPhone logs.

swampmac

macrumors newbie
Original poster
Jun 6, 2015
6
2
USA
I posted previously about finding a strange log entry from my iPhone6 in my backups folder on a PC. I have since decided to look closer at these logs,, due to issues Ive been having recently with my phone and my MacBook Pro (that's a whole separate post..) but I have found a log that was very unsettling as it mentions the "stingray" in one of the strings,
I do know that stingray is a tool which is used to track and eavesdrop on cellular devices.. I don't know what to make of this but figured I should post it in hopes someone can tell me this is just a coincidence.. or not--- here's the output from the file:
--------------------------------------------------------------------------------------------------------
May 27 23:36:00 default-users-iPhone accountsd[230] <Debug>: PCSIdentityCollectionSetup: <CFBasicHash 0x15ce78fb0

[0x195d4df50]>{type = mutable dict, count = 6,
entries =>
0 : <CFString 0x1988dc2d0 [0x195d4df50]>

{contents = "kPCSSetupAuthToken"} = <CFString 0x1988dc850 [0x195d4df50]>{contents = "<<VALUE>>"}
1 :

<CFString 0x1988dc290 [0x195d4df50]>{contents = "kPCSSetupPassword"} = <CFString 0x1988dc850 [0x195d4df50]>{contents

= "<<VALUE>>"}
2 : <CFString 0x1988dc230 [0x195d4df50]>{contents = "kPCSSetupUsername"} = <CFString

0x15cebd650 [0x195d4df50]>{contents = "-----"}
3 : <CFString 0x1988dc330 [0x195d4df50]>

{contents = "kPCSSetupiCloudEnvironment"} = <CFString 0x15cec16f0 [0x195d4df50]>{contents = "PROD"}
4 :

<CFString 0x1988dc2f0 [0x195d4df50]>{contents = "kPCSSetupEscrowURL"} = <CFString 0x15cec0bd0 [0x195d4df50]>

{contents = "https://p09-escrowproxy.icloud.com:443"}
6 : <CFString 0x1988dc310 [0x195d4df50]>{contents =

"kPCSSetupDSID"} = <CFString 0x1988dc850 [0x195d4df50]>{contents = "<<VALUE>>"}
}
May 27 23:36:00 default-users-

iPhone accountsd[230] <Debug>: __PCSAccountHasStingrayIdentities
May 27 23:36:01 default-users-iPhone accountsd[230]

<Error>: PCSHasStingrayIdentities: YES
May 27 23:36:03 default-users-iPhone accountsd[230] <Error>:

PCSCopyStingrayIdentity: <CFData 0x15d022a00 [0x195d4df50]>{length = 1776, capacity = 1776, bytes =

0x628206ec308206e80c126d6f62726f34 ... 5b44df63fab331b2} (error: (null))
May 27 23:36:03 default-users-iPhone

accountsd[230] <Debug>: PCSIdentityCollectionSetup: done <PCSIdentity@0x15cd7e8c0 name: mb4sho pubkey:

NRYZtUX3y6pLEWrSBhNpFgaQv9+PyEUeGPlrT/4ofz0= service: 1 <haveDupKey> BAT: old-identity
 

Applejuiced

macrumors Westmere
Apr 16, 2008
40,650
6,404
At the iPhone hacks section.
Either you or someone close by.
It functions as a fake cell tower so multiple clients might connect to it not only the person they are monitoring.

Stingrays Collect Data on Hundreds of Innocent People
And when police use a Stingray, it’s not just the suspects’ phone information the device sucks up, but all the innocent people around such suspect as well. Some devices have a range of “several kilometers,” meaning potentially thousands of people could have their privacy violated despite not being suspected of any crime. This is another fact the government didn’t fully explain to the magistrate judge in Rigmaiden.

The government now claims it protected privacy by deleting all third-party data on its own after it collected it. But the government’s unilateral decision to binge and purge comes with its own consequences. Now there’s no way to know what exactly the government obtained when it used the device.
 
Last edited:

swampmac

macrumors newbie
Original poster
Jun 6, 2015
6
2
USA
Okay, I'm not feeling any better about this.. Thanks!! :eek:
I found some info 2 days ago that led me to think the logs contents are likely just associated with the Microsoft scripting library called "SFL" which is "StingRay Foundation Library"
I haven't confirmed it yet though..
Im having the logs and other files checked out by an acquaintance in the Info Security Industry..
As there are numerous other "issues" Ive experienced lately on my iPhone and my MBP
running OSX Mavericks..
we shall see what the experts concluded soon.
 

_darkparty

macrumors newbie
Oct 17, 2016
1
0
Okay, I'm not feeling any better about this.. Thanks!! :eek:
I found some info 2 days ago that led me to think the logs contents are likely just associated with the Microsoft scripting library called "SFL" which is "StingRay Foundation Library"
I haven't confirmed it yet though..
Im having the logs and other files checked out by an acquaintance in the Info Security Industry..
As there are numerous other "issues" Ive experienced lately on my iPhone and my MBP
running OSX Mavericks..
we shall see what the experts concluded soon.

Hey man, what ever happened with this? I found "Stingray iCDP status is armed" in the log files on my laptop. I saw this thread and now I'M freaking out. Did you ever find out what it was? In my case it's probably my girlfriend