iOS Trustjacking Attack Allows Hackers To Hack iPhone, iPad
Security experts at Symantec have discovered a flaw that if exploited would allow attackers to compromise iOS devices without the owner’s knowledge.
The latest iOS attack dubbed as “Trustjacking” exploits a vulnerability in iTunes Wi-Fi Sync, a feature that allows iOS devices to be synced with iTunes without having to physically connect the iOS device to the computer. This feature can be enabled by physically connecting an iPhone/iPad to a computer once with a cable, specify that the iOS device can trust the computer henceforth, and then enable iTunes Wi-Fi Sync from the PC. Once a trusted Wi-Fi Sync connection is established, the hacker who has access to the user’s computer can secretly spy on the iOS device or record and control any sort of activities remotely, as long as they are both under the same local network.
“This allows the computer to access the photos on the device, perform a backup, install applications and much more, without requiring another confirmation from the user and without any noticeable indication. Furthermore, this allows activating the “iTunes Wi-Fi sync” feature, which makes it possible to continue this kind of communication with the device even after it has been disconnected from the computer, as long as the computer and the iOS device are connected to the same network. It is interesting to note that enabling “iTunes Wi-Fi sync” does not require the victim’s approval and can be conducted purely from the computer side,” Roy Iarchy, Head of Research, Modern OS Security wrote in the report.
Trustjacking is “extremely impactful,” said Adi Sahabani, SVP of modern OS security at Symantec, who disclosed the findings at RSAC 2018 last Wednesday alongside his colleague Iarchy.
The report stated that once the malicious computer is authorized, there is no other means that prevents the continued access to the device. Further, the users do not receive any prompts or notifications that by authorizing the computer they allow access to their device even after disconnecting the USB cable. Many users assume that their device is no longer exposed once they disconnect the USB cable.
“Even if the device is only connected for a very short period of time, it is enough for an attacker to execute the necessary steps to maintain visibility of all actions performed on the device after it is disconnected,” Iarchy wrote.
Researchers disclosed the vulnerability to Apple, who have attempted to address the issue by adding an extra layer of protection in iOS 11. The new protection layer requires the user of iOS to enter his or her passcode when trusting a computer. However, the researchers believe that such measures are inadequate.
“The user is still being told that this authorization is only relevant while the device is connected to the computer, making him believe that disconnecting his device guarantees that no one can access his private data,” Iarchy writes in the blog post. “While we appreciate the mitigation that Apple has taken, we’d like to highlight that it does not address Trustjacking in an holistic manner. Once the user has chosen to trust the compromised computer, the rest of the exploit continues to work,” Iarchy added.
Researchers also suggest users to enable encrypted backups in iTunes and select a strong password to protect their devices.
Users can also go to Settings > General > Reset > Reset Location & Privacy, and re-authorize all previously connected computers next time when connecting their iOS device to each device, said Symantec.