Tracking and analysis of a hidden mesh network operating across iOS devices
AI Summary
A researcher reports detection of anomalous mesh networking activity across iOS devices, including APNs redirection to non-Apple ASNs, persistent P2P tunneling on non-standard ports, and globally distributed clusters, discovered through TraceV3 binary log analysis.
Mapping Mesh Infrastructure and Protocol Hijacking - NANOG - lists.nanog.org

Joseph Goydish II, 13 Mar 2026, 12:06 a.m.

I’ve been tracking some non-standard networking patterns on iOS that seem to be operating in a blind spot. Detection relies on parsing TraceV3 binary data to actually spot, specifically looking for hex-coded IP patterns in the logs.

A few things I've been seeing:

- Port 5223 (APNs) redirection: System traffic being tossed to non-Apple ASNs.
- Non-standard tunneling: Persistent P2P sync on ports 44 and 522.
- Global reach: Active clusters popping up across Russia, China, the US, Mexico etc.

I put together a live dashboard to track these IPs and ASNs as they're enriched. If anyone else is seeing weird routing anomalies or similar "shadow" egress points at the backbone level, I'd love to hear your thoughts.

Dashboard link: https://www.perplexity.ai/computer/a/ios-threat-tracker-y2BPW5oISauRTNFBcx93...

Thank you,
Joseph II

Bill Woodcock, 13 Mar, 9:24 a.m.

...

On Mar 13, 2026, at 01:06, Joseph Goydish II via NANOG wrote:

> I’ve been tracking some non-standard networking patterns on iOS that seem to be operating in a blind spot.
>
> iOS shouldn't be connecting to random IMAP servers. Could indicate email-based exfiltration or dead-drop communication.

Excuse me? iOS users shouldn’t be reading their email?

-Bill

Bill Woodcock, 9:30 a.m.

... ...

On Mar 13, 2026, at 01:06, Joseph Goydish II via NANOG wrote:

> I’ve been tracking some non-standard networking patterns on iOS that seem to be operating in a blind spot.
>
> iOS shouldn't be connecting to random IMAP servers. Could indicate email-based exfiltration or dead-drop communication.

Excuse me? iOS users shouldn’t be reading their email?

I mean, nice work on the rest assuming it turns out to be legit; this is just me being a crotchety old dude.

-Bill

Please consider the environment before using AI to process this email.
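The check described in the first message (hex-coded addresses in log text, port 5223 destinations outside Apple's address space), as an added example that is not part of the thread or of any participant's tooling. The log line layout, the sample lines and every function name are assumptions made for illustration; 17.0.0.0/8 is the IPv4 block Apple documents for APNs.

```python
import ipaddress
import re

# Apple documents 17.0.0.0/8 as the IPv4 block used by APNs.
APPLE_V4 = ipaddress.ip_network("17.0.0.0/8")
APNS_PORT = 5223

# Assumed encoding (not confirmed by the thread): 8 hex digits in network
# byte order, a colon, then the decimal port.
FLOW_RE = re.compile(r"\b([0-9A-Fa-f]{8}):(\d{1,5})\b")

# Constructed sample lines; non-Apple addresses are RFC 5737 documentation ranges.
SAMPLE_LINES = [
    "conn dst=11F91C0A:5223 proc=apsd",   # 17.249.28.10, inside Apple's block
    "conn dst=C6336407:5223 proc=apsd",   # 198.51.100.7, outside Apple's block
    "conn dst=CB007109:993 proc=maild",   # 203.0.113.9, IMAPS to a mail server
    "conn dst=ZZ:5223 proc=apsd",         # malformed, must be skipped
]

def decode_hex_ipv4(token):
    """Turn an 8-digit hex token into an IPv4Address (network byte order)."""
    return ipaddress.IPv4Address(int(token, 16))

def parse_flows(lines):
    """Extract (address, port) pairs from log text, ignoring malformed entries."""
    flows = []
    for line in lines:
        for hex_ip, port in FLOW_RE.findall(line):
            if int(port) <= 65535:
                flows.append((decode_hex_ipv4(hex_ip), int(port)))
    return flows

def triage(flows):
    """Return port-5223 flows whose destination is outside Apple's block.

    Mail ports to arbitrary servers are ordinary user traffic and are not
    flagged. A hit is a lead to verify, not proof of redirection: 5223 is
    also the legacy XMPP-over-TLS port used by third-party chat clients.
    """
    return [(str(ip), port) for ip, port in flows
            if port == APNS_PORT and ip not in APPLE_V4]

if __name__ == "__main__":
    for ip, port in triage(parse_flows(SAMPLE_LINES)):
        print(f"review: {ip}:{port} is outside {APPLE_V4}")
```

Before treating a hit as an anomaly, confirm the byte order against a connection whose destination is already known, since a reversed decode produces plausible-looking but wrong addresses.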