"Stingray" Entry in iPhone logs.

Discussion in 'iPhone Tips, Help and Troubleshooting' started by swampmac, Jun 7, 2015.

  1. swampmac macrumors newbie


    Jun 6, 2015
    I posted previously about finding a strange log entry from my iPhone6 in my backups folder on a PC. I have since decided to look closer at these logs,, due to issues Ive been having recently with my phone and my MacBook Pro (that's a whole separate post..) but I have found a log that was very unsettling as it mentions the "stingray" in one of the strings,
    I do know that stingray is a tool which is used to track and eavesdrop on cellular devices.. I don't know what to make of this but figured I should post it in hopes someone can tell me this is just a coincidence.. or not--- here's the output from the file:
    May 27 23:36:00 default-users-iPhone accountsd[230] <Debug>: PCSIdentityCollectionSetup: <CFBasicHash 0x15ce78fb0

    [0x195d4df50]>{type = mutable dict, count = 6,
    entries =>
    0 : <CFString 0x1988dc2d0 [0x195d4df50]>

    {contents = "kPCSSetupAuthToken"} = <CFString 0x1988dc850 [0x195d4df50]>{contents = "<<VALUE>>"}
    1 :

    <CFString 0x1988dc290 [0x195d4df50]>{contents = "kPCSSetupPassword"} = <CFString 0x1988dc850 [0x195d4df50]>{contents

    = "<<VALUE>>"}
    2 : <CFString 0x1988dc230 [0x195d4df50]>{contents = "kPCSSetupUsername"} = <CFString

    0x15cebd650 [0x195d4df50]>{contents = "-----"}
    3 : <CFString 0x1988dc330 [0x195d4df50]>

    {contents = "kPCSSetupiCloudEnvironment"} = <CFString 0x15cec16f0 [0x195d4df50]>{contents = "PROD"}
    4 :

    <CFString 0x1988dc2f0 [0x195d4df50]>{contents = "kPCSSetupEscrowURL"} = <CFString 0x15cec0bd0 [0x195d4df50]>

    {contents = "https://p09-escrowproxy.icloud.com:443"}
    6 : <CFString 0x1988dc310 [0x195d4df50]>{contents =

    "kPCSSetupDSID"} = <CFString 0x1988dc850 [0x195d4df50]>{contents = "<<VALUE>>"}
    May 27 23:36:00 default-users-

    iPhone accountsd[230] <Debug>: __PCSAccountHasStingrayIdentities
    May 27 23:36:01 default-users-iPhone accountsd[230]

    <Error>: PCSHasStingrayIdentities: YES
    May 27 23:36:03 default-users-iPhone accountsd[230] <Error>:

    PCSCopyStingrayIdentity: <CFData 0x15d022a00 [0x195d4df50]>{length = 1776, capacity = 1776, bytes =

    0x628206ec308206e80c126d6f62726f34 ... 5b44df63fab331b2} (error: (null))
    May 27 23:36:03 default-users-iPhone

    accountsd[230] <Debug>: PCSIdentityCollectionSetup: done <PCSIdentity@0x15cd7e8c0 name: mb4sho pubkey:

    NRYZtUX3y6pLEWrSBhNpFgaQv9+PyEUeGPlrT/4ofz0= service: 1 <haveDupKey> BAT: old-identity
  2. Killchain macrumors member


    Jan 15, 2013
  3. Applejuiced, Jun 14, 2015
    Last edited: Jun 14, 2015

    Applejuiced macrumors Westmere


    Apr 16, 2008
    At the iPhone hacks section.
    Either you or someone close by.
    It functions as a fake cell tower so multiple clients might connect to it not only the person they are monitoring.

    Stingrays Collect Data on Hundreds of Innocent People
    And when police use a Stingray, it’s not just the suspects’ phone information the device sucks up, but all the innocent people around such suspect as well. Some devices have a range of “several kilometers,” meaning potentially thousands of people could have their privacy violated despite not being suspected of any crime. This is another fact the government didn’t fully explain to the magistrate judge in Rigmaiden.

    The government now claims it protected privacy by deleting all third-party data on its own after it collected it. But the government’s unilateral decision to binge and purge comes with its own consequences. Now there’s no way to know what exactly the government obtained when it used the device.
  4. swampmac thread starter macrumors newbie


    Jun 6, 2015
    Okay, I'm not feeling any better about this.. Thanks!! :eek:
    I found some info 2 days ago that led me to think the logs contents are likely just associated with the Microsoft scripting library called "SFL" which is "StingRay Foundation Library"
    I haven't confirmed it yet though..
    Im having the logs and other files checked out by an acquaintance in the Info Security Industry..
    As there are numerous other "issues" Ive experienced lately on my iPhone and my MBP
    running OSX Mavericks..
    we shall see what the experts concluded soon.
  5. Applejuiced macrumors Westmere


    Apr 16, 2008
    At the iPhone hacks section.
  6. _darkparty macrumors newbie


    Oct 17, 2016

    Hey man, what ever happened with this? I found "Stingray iCDP status is armed" in the log files on my laptop. I saw this thread and now I'M freaking out. Did you ever find out what it was? In my case it's probably my girlfriend

Share This Page