iOS Trustjacking- Attack That Exposes Iphone Users To Remote Hacking
Have you ever used your friend’s laptop to charge your iPhone and received a prompt of “Trust This Computer?” Well your answer does not really matters, what matters is the fact that by doing so, you are not only giving permissions to share your files while they are connected but even after that! Yes, your phone will definitely get charged but this can have extreme consequences as well! The research team at Symantec found about this hack and named it “Trustjacking.”
Basically, this focuses on a feature which is known as iTunes Wi-Fi Sync. It’s a tool that lets iOS devices sync with desktop iTunes with the help of Wi-Fi. To carry out this, you need to connect your mobile device to your system once,. Furthermore you have to agree when your iOS device prompts to ask whether it can trust the computer or not and enable iTunes Wi-Fi Sync through the system. Once you have done this, you agree to the fact that these two devices can sync and communicate whenever they are connected on the same Wi-Fi network. Additionally, you’ll not be prompted again regarding the approval.
We cannot deny that it’s actually a reasonable and useful feature but for an attacker, this is yet another opportunity to get hold of users’ data. There have been instances when attacker has planted a malicious computer that seems like a normal charging station or external battery. So, by tricking people into connecting their devices, he can easily have access to all the data as long as they are connected via same WiFi.
We cannot ignore the fact that once such connection is established, the attacking party can sync with your phone, also it takes advantage of controls that are meant for developers and alter them. Also, they can start watching a target device’s screen real-time or they could silently retain the data gathered and use it for future attack.
The team of Symantec has conveyed that they accidently found out this while a team member was trying to connect his own iPhone to the system, but realized that it got connected to another team member’s phone who had earlier done the same. Out of curiosity they started digging in and found out that this was a serious vulnerability!
We cannot even imagine how this would have lead to a mass attack as every person has a few places that he visits. Offices, cafes, libraries, are a few of them and they access the same WiFi! What if an attacker accesses the device install malicious apps, or replace existing ones that spies on the user. For a hacker it will not take too long to do so and you’ll be doomed!
Is The Attack Confined Only To Wifi Network?
If the research team of Symantec is trusted, this is not only confined to WiFi! If we combine this along with malicious profile attack, then it will be even more disastrous. If attacker is able to connect to a VPN and establishes a continuous connection between the infected device and hacker’s computer, it will no longer need to stay connected via WiFi. the attacks can take place at any time!
Must Read : Non-Financial Data That You Should Secure
Is There Any Remedy For This?
Well, unfortunately there is no way listed to revoke any access selectively. The best you can do for now is clean the trusted computers list. For doing so, you’ll have to follow the path:
Settings > General > Reset > Reset Location & Privacy
And reset your settings to stay protected. For now, just avoid using the public WiFis to stay protected!