The Apple iPhone stands out as one of the most secure and trustworthy smartphones out there, but that same trust could be exploited for an iOS hack. Security researchers have discovered that a type of hack referred to as “trustjacking” uses a little-known WiFi feature to access a device’s data.
How does this data hack work?
The researchers detail that the hack works whenever an iPhone is plugged into the USB port of a friend’s computer. When the iPhone is plugged into the computer, it asks whether you want to trust the computer and mentions that it will have access to your data. Once the iPhone is connected and the computer is marked as a trusted PC, users can enable the iTunes WiFi Sync feature from the PC, which gives the devices the ability to communicate anytime they are on the same WiFi network.
The researchers have coined the name ‘trustjacking’ for the abuse of this ability. iTunes WiFi Sync is a useful feature when you are within your home network, but researchers at Symantec note that this trust can be exploited, especially if you trust the wrong computer, and that it introduces a new vector of attack.
“We discovered this by mistake actually,” said Symantec researcher Adi Sharabani in an interview with Wired. He added that his colleague Roy Iarchy was doing research and, when he connected his own iPhone to his own computer to access it, he discovered that he was not actually connected to his own iPhone. Roy noticed that he was actually connected to the phone of one of his team members, who had connected their mobile device to his computer a few weeks before. After digging, Roy understood the root cause of the issue and found out what he could do if he were an attacker.
What can an attacker do?
Once your iPhone is synced to a trusted computer, which can be your friend’s or something on the same network, the attacker has the ability to install malware on your phone or even initiate a backup to pull all your files, photos and messages. Hackers can also exploit this flaw to watch your screen in real time and take screenshots that sync back to the computer.
Researchers at Symantec say that they haven’t found any instances of trustjacking attacks in the wild yet. However, it could soon be exploited by potential hackers. Apple has even tweaked the WiFi Sync feature with the release of iOS 11, and it now asks for the device’s passcode before trusting a computer.
But the researchers claim Apple needs to do more than that to ensure the safety of iPhone users. For the time being, all iPhone users can remove all trusted connections by heading to Settings >> General >> Reset Location and Privacy.