iOS Trustjacking Attack Exposes iPhones And iPads To Remote Hacking
Symantec researchers Roy Iarchy and Adi Sharbani have discovered a new vulnerability that would allow hackers to gain access to your iPhone and iPad. The exploit is known as 'trustjacking' and requires Wi-Fi syncing to be configured in iTunes, a feature that allows you to manage your iOS device wirelessly. The procedure is pretty simple, as there are no prompts or permissions if the device is being connected to a secure and trusted computer. So let's dive in to see some more details on the matter.
iOS Trustjacking Vulnerability Exposes Your iPhone And iPad To Potential Hackers
The initial setup requires you to connect your device to the computer via a USB cable. There are no alerts or warnings stating that the device can be accessed even after the cable is disconnected. The only prompt displayed reads. Moreover, once access has been granted, there is no way to deauthorize a computer. However, you can revoke access to authorized computers.
If hackers manage to get into or control your iOS device through this vulnerability, the risks are pretty high. However, there is a series of steps that a hacker must first perform in order to gain control of your device's screen. The first requirement is to install the developer image over the Wi-Fi network. This allows screenshots to be taken in real time, giving the attacker an up-to-date view of what is on the screen.
Hackers would also be able to view a person's history, including messages, photos and even app data. According to the report, the developer image installed would also make it possible for hackers to swap apps with "a modified wrapped version that looks exactly like the original app, but is able to spy on the user while using the app and even leverage private APIs to spy on other activities all the time." The app replacement happens so fast that it is virtually impossible to detect.
While hackers would need to be on the same Wi-Fi network as the host device to gain access, the attack can also be combined with a malicious profile. This enables attackers to connect to a VPN, eliminating the requirement of being on the same Wi-Fi connection.
The vulnerability has been reported to Apple. The company was quick to act, and a PIN code is now required to pair a computer with the iOS device. However, the prompt is still present. The researchers have advised enabling encrypted backups in iTunes. To further strengthen the security measures, users can also set a strong password.