iOS Trustjacking

iOS Trustjacking is a new vulnerability which allows attackers to exploit the iTunes Wi-Fi sync feature. Designed to allow users to manage their iOS devices without requiring a physical connection to a computer, this feature can be manipulated by attackers to acquire persistent control over the victim’s device.

So how does Trustjacking work?

First, the victim must connect, via USB, to a malicious computer or device that they have not connected to before. The malicious device will be disguised to appear legitimate, for example as a public charging station or an ordinary computer. When the victim has plugged their device into the USB port, they will receive a prompt asking whether they would like to trust the connected device. The victim will likely approve the device, as they require the functionality it offers (e.g. iPhone charging).

Once the victim has connected and trusted the malicious device, the attacker allows the victim to connect to iTunes and enable the iTunes Wi-Fi Sync feature. This gives the attacker persistent access to the victim’s device over the same network, or over greater distances by using a VPN (Virtual Private Network).

With access to the victim’s device, the attacker can manipulate it as they wish. Some examples of the exploit’s capabilities are shown below:

* Remotely view the victim’s screen.

* Download a full backup of the device contents, including, but not limited to, application data, photos, videos, SMS / iMessage chat logs, call logs and contacts.

* Remotely install applications.

Since there is no fix for this vulnerability yet, it is vital that iOS users stay vigilant about potentially malicious devices. If you suspect that you are a victim of Trustjacking, disconnect from all trusted devices on the iOS devices you own by choosing “Reset Location & Privacy” in your device settings.
