iOS Trustjacking: How Attackers Can Hijack Your iPhone – The Mac Security Blog

The security researchers, Adi Sharabani and Roy Iarchy, presented a live demonstration of the attack. Sometime before the presentation, Sharabani had previously connected his iPhone X to Iarchy’s MacBook and tapped “Trust” in a dialog box on the iPhone–something many people do when they connect their iPhone to a computer.

During the presentation, Sharabani used his iPhone X to take a selfie with Iarchy, after which he sent a text message to their company’s CEO.

On the MacBook, Iarchy issued a command to Sharabani’s iPhone to back up its data over Wi-Fi, which is made possible by an iOS feature, called iTunes Wi-Fi Sync. After the synchronization was complete, Iarchy showed that both the selfie and the text message were easily accessible on his MacBook.

This is fascinating stuff. You “trust” a computer when you connect an iOS device; this is a security feature that ensures that when you connect a device to a computer, you have to choose whether it has access to the data on your device. This notably allows you to connect your iPhone or iPad to any computer to charge it without worrying about the computer and iTunes wiping the device. But the downside is that people may see the dialog and think they have to trust a computer to charge, if they do this, which opens up the device to access even via wi-fi.

Source: iOS Trustjacking: How Attackers Can Hijack Your iPhone | The Mac Security Blog

6 thoughts on “iOS Trustjacking: How Attackers Can Hijack Your iPhone – The Mac Security Blog

  1. The article’s headline is scarcely above the level of click bait sensationalism. What’s next? “DANGER! Anyone can break into your bank accounts, when you give them your password!!!”? While the article contains valuable information, and I’m glad that Kirk brought it to my attention, the authors pretend to be shocked that by explicitly agreeing to give a computer access to your settings and data, you give that computer access to your SETTINGS AND DATA!!! Oh, the horror!

    I agree that Apple should provide more detailed information on what Trust does, and the fact that it is optional for charging a phone from someone else’s computer. It was new information to me, that live wireless access to the phone can continue after the phone is disconnected from the computer. But I always figured that when I Trust a computer, I am committing to sharing data between the computer and my phone (which I only do with my own computers).

  2. The article’s headline is scarcely above the level of click bait sensationalism. What’s next? “DANGER! Anyone can break into your bank accounts, when you give them your password!!!”? While the article contains valuable information, and I’m glad that Kirk brought it to my attention, the authors pretend to be shocked that by explicitly agreeing to give a computer access to your settings and data, you give that computer access to your SETTINGS AND DATA!!! Oh, the horror!

    I agree that Apple should provide more detailed information on what Trust does, and the fact that it is optional for charging a phone from someone else’s computer. It was new information to me, that live wireless access to the phone can continue after the phone is disconnected from the computer. But I always figured that when I Trust a computer, I am committing to sharing data between the computer and my phone (which I only do with my own computers).

  3. There seem to be some words missing from the final paragraph of Kirk’s text. I don’t understand “This notable allows you to connect your iPhone …”. It would be more accurate to say “You have the option to “trust” a computer when you connect an iOS device…”. And under at least some conditions, you DO NOT “have to choose whether it has access to the data on your device.” I was just able to charge my iPhone X on a friend’s computer, when no user/account was logged in, and not surprisingly, the Trust dialog box did not appear.

    It also appears that I can charge my phone without choosing either button in the Trust/Don’t Trust dialog box. Perhaps Kirk can verify that. Clicking neither button limits the possible side effects when a user isn’t sure what the choices will do, although it could leave the phone vulnerable to someone else clicking the Trust button, if the phone is left unattended while it charges.

    • Yes, you can charge a phone without choosing whether or not to trust a computer. As you say, if no one is logged in, you won’t see it. You’re trusting the computer, but it’s a user account that is asking for the trust. If you connect to the same computer with a different account, you see the dialog again.

  4. There seem to be some words missing from the final paragraph of Kirk’s text. I don’t understand “This notable allows you to connect your iPhone …”. It would be more accurate to say “You have the option to “trust” a computer when you connect an iOS device…”. And under at least some conditions, you DO NOT “have to choose whether it has access to the data on your device.” I was just able to charge my iPhone X on a friend’s computer, when no user/account was logged in, and not surprisingly, the Trust dialog box did not appear.

    It also appears that I can charge my phone without choosing either button in the Trust/Don’t Trust dialog box. Perhaps Kirk can verify that. Clicking neither button limits the possible side effects when a user isn’t sure what the choices will do, although it could leave the phone vulnerable to someone else clicking the Trust button, if the phone is left unattended while it charges.

    • Yes, you can charge a phone without choosing whether or not to trust a computer. As you say, if no one is logged in, you won’t see it. You’re trusting the computer, but it’s a user account that is asking for the trust. If you connect to the same computer with a different account, you see the dialog again.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.