This functionality can be activated by physically connecting an iOS device to the user's computer via iTunes and enabling the option to sync over Wi-Fi. On the first connection, the user is prompted to confirm that the computer is trusted, but no further approval is required to activate the synchronization feature or to access the device over Wi-Fi on subsequent connections.
Researchers at Symantec have uncovered methods through which hackers can exploit the iTunes Wi-Fi sync feature. They found that if attackers can persuade users to connect their iPhone or iPad via a USB cable to a malicious device or to a computer that has been compromised, the attackers can continuously control the victim's phone or tablet as long as they are on the same wireless network as the victim.
In one scenario described by the experts, a Trustjacking attack involves chargers set up in areas at airports. When users connect their devices to these chargers, they are prompted to confirm that the computer is trustworthy. The attacker then enables the option to sync over Wi-Fi in iTunes, a step that can be automated.
Even if victims have disconnected their iPhone / iPad devices from the charger, attackers can still maintain control over the device and execute a series of unauthorized actions.
For instance, an attacker might install a developer-signed image corresponding to the victim's iOS version, which gives access to the device screen and allows screenshots to be captured to monitor the victim's actions.
Because the sync feature grants access via iTunes backup, attackers can retrieve user photos, SMS messages, iMessage conversations, and app data. Attackers can also install malicious apps or replace existing ones with modified versions.
In addition, attackers could hijack users' computers to carry out these unauthorized activities more easily, since the computer and the mobile device use the same network for prolonged periods.
The fastest way to execute a Trustjacking attack is for hackers to use the victim's Wi-Fi network. However, Symantec researchers suggest this requirement could be bypassed through malicious user profile attacks.
The profile attack method has been known since 2013. It involves convincing victims to install malicious configuration files, or iOS profiles, on their iPhone or iPad. These profiles are used by mobile service providers, MDM solutions, and configuration-setting apps, but hackers can also use them to remotely control devices.
Symantec indicates that this method could be used to perform Trustjacking attacks over the Internet by connecting the device to a VPN server and establishing a continuous connection between them.
Apple has been informed of this vulnerability and has attempted to address the issue by adding an extra layer of protection in iOS 11. Specifically, users are prompted to enter their passcode when trusting a computer.
'While we highly appreciate Apple's efforts, it's important to emphasize that Apple's solution doesn't completely mitigate Trustjacking comprehensively. Once a user has trusted a computer, the rest can be exploited as described above,' explained Roy Iarchy of Symantec, one of the experts involved in this research.
Mitigations recommended by Symantec researchers to limit the extent of Trustjacking attacks include: clearing the list of trusted devices and reauthorizing them, enabling backup encryption in iTunes, setting up strong passwords, and using mobile security solutions.
