Attack Vector Trustjacking on iPhone | Mac Life

Trustjacking is an artificial word. It consists of the component “trust” of trust and “hijacking” of kidnapping. If you connect your iPhone or iPad to a computer, you will be asked if you want to trust the device.

iPhone Security Loss Through Trust Bonus?

Now, Symantec claims that this system is an attack vector for Represents hacker. Apple would not protect enough users, is even a reproach.

Because the dialogue always pops up as soon as you connect the iPhone or iPad to a computer. Even if you just want to charge the smartphone or tablet over it. Symantec argues that it suggests to you that you can not go ahead with what you intend to do if you do not “agree.” In fact, that’s not right. You can negatively restrict the dialog and still charge your iPhone on the computer.

Attack vector Trustjacking

If you have confirmed this warning dialog, you allow the corresponding computer some rights to access data on the iPhone or iPad. The computer has even special rights, even if you have already pulled the cable long ago. This was demonstrated by Symantec.

Hackers could now manipulate charging stations in a cafĂ© or at the airport. If you have then recklessly expressed confidence, you are trapped. As long as you’re in the same Wi-Fi network as your compromised computer, the device can read data from your smartphone or tablet.

Remote Backups and Attacks

Hackers could use this attack vector to back up their data Make iPhones and iPads. Also, Apple’s developer tools could be used to take screenshots of “connected” devices and monitor their activity.

However, hackers could also inject configuration profiles that would allow them to do so later

How You Can Defend Against Trustjacking

It would be best, Symantec says, you do not trust any computer. Even your own. If malware was introduced on the machine, the hackers could also use this detour to access your smartphone and tablet data.

You can reset the Trusted Computers list, but you can not manage them individually in iOS. Depending on how much comfort you prefer, you should also turn off the “iTunes Wi-Fi Sync” option in the Settings (General) on the device. At least that would limit the ability to grab data.

Leave a Reply

Your email address will not be published. Required fields are marked *