Security News iOS Trustjacking Attack Exposes iPhones to Remote Hacking (with no visible indicator to the device owner)

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.bleepingcomputer.com/news/security/ios-trustjacking-attack-exposes-iphones-to-remote-hacking/
Symantec researchers have found a loophole in how iPhone users pair devices with Mac workstations and laptops. They say attackers can exploit this flaw —which they named Trustjacking— to take over devices without the phone owner's knowledge.

At the technical level, the Trustjacking security issue is rooted in the "iTunes Wi-Fi sync" feature included with iTunes.
If this option is enabled in the iTunes settings section, when a Mac laptop/workstation owner syncs a new iPhone to his computer, this feature allows him to connect at any time to the smartphone via the local WiFi network, instead of using a wired cable.
The feature is convenient, and for solid reasons, as it allows a PC owner to easily retrieve or send data from the smartphone via the iTunes app and its API.

....
....
....

But Symantec researchers say there's a flaw in the design of this feature, which continues to grant a computer owner access to a paired iPhone via the local WiFi network, even after the iPhone device has disconnected from the computer.
Click to expand...

Attackers can take control of iPhones via local WiFi

Presenting their findings today at the RSA 2018 security conference, Roy Iarchy, Head of Research and Modern OS Security at Symantec, says an attacker can abuse the iTunes Wi-Fi sync feature to take control of a device at later times, with no visible indicator to the device owner.
... ... .....
Click to expand...

Symantec says Trustjacking patch is not complete

Symantec says it notified Apple of the issue, but the solution Apple implemented to address the problem of Trustjacking attacks did not please its researchers.
The solution that Apple came up was to ask the iPhone user to enter the phone's passcode when pairing to a computer. This fix prevents random people from quickly grabbing your phone and pairing it to their own laptops.
... ... .... ...
Click to expand...
 
  • Like
Reactions: harlan4096
You must log in or register to reply here.

Similar threads

Lymphocyte
    • Like
    • Wow
Security News Microsoft Defender adds detection of unsecure Wi-Fi networks
Replies
0
Views
1,522
Security News
Lymphocyte
Lymphocyte
oldschool
    • +Reputation
    • Like
    • Thanks
Security News Why it’s time to take warnings about using public Wi-Fi, in places like airports, seriously
Replies
3
Views
1,540
Security News
bazang
bazang
I
    • Like
Apple iPhone to continue using Qualcomm 5G modems until 2026
Replies
0
Views
475
News Archive
Ink
I

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top