Just to save everyone the read, reading through the replies, this person is very clearly paranoid and has no clear evidence of an actual breach. I have zero idea why people are actually engaging with this.

Are you a person of high interest? I was under the impression that these sorts of breaches only happen to journalists, state officials, etc.

How can you tell that you were breached?

I don't think that proves they've been breached. Are you sure your not just seeing keep alive traffic or something random you haven't taken into account ?

Sounds like it is time to drop Apple devices and move to Graphene.

> restrictive (no iCloud, Siri, Facetime, AirDrop ) MDM policy via Apple Configurator

MDM? That doesn't surprise me. Do you want to know how _utterly_ trivial MDM is to bypass on Apple Silicon? This is the way I've done it multiple times (and I suspect there are others):

Monterey USB installer (or Configurator + IPSW)

Begin installation.

At the point of the reboot mid-installation, remove Internet access, or, more specifically, make sure the Mac cannot DNS resolve: iprofiles.apple.com, mdmenrollment.apple.com, deviceenrollment.apple.com.

Continue installation and complete.

Add 0.0.0.0 entries for these three hostnames to /etc/hosts (or just keep the above "null routed" at your DNS server/router.

Tada. That's it. I wish there was more to it.

You can now upgrade your Mac all the way to Tahoe 26.3 without complaint, problem, or it ever phoning home. Everything works. iCloud. Find My. It seems that the MDM enrollment check is only ever done at one point during install and then forgotten about.

Caveat: I didn't experiment too much, but it seems that some newer versions of macOS require some internet access to complete installation, for this reason or others, but I didn't even bother to validate, since I had a repeatable and tested solution.

It appears the iPhone Air and iPhone 16e are the only devices with the Apple radio basebands so far.

https://theapplewiki.com/wiki/C4000