The two steps for the attack – allowing the device to connect to iTunes and enabling the iTunes Wi-Fi sync feature while the device is physically connected – can be automated and quickly executed by malicious software. (The connection between the mobile device and the computer persists because the access credentials provided by the former to the latter when physically connected are saved by the computer and automatically reused when the mobile device pops up on the same network.) Furthermore, this allows activating the ‘iTunes Wi-Fi sync’ feature, which makes it possible to continue this kind of communication with the device even after it has been disconnected from the computer, as long as the computer and the iOS device are connected to the same network.”
WHAT IS SYNCIOS DEVICE SERVICE INSTALL
“This allows the computer to access the photos on the device, perform backup, install applications and much more, without requiring another confirmation from the user and without any noticeable indication. “Choosing to trust the computer allows it to communicate with the iOS device via the standard iTunes APIs,” the researchers explained. Most users believe that they have to trust the computer to get their device charged and believe the trust/access works only as long as the device is physically connected to the computer.īut if the “Sync with this iPhone/iPad over Wi-Fi” feature is enabled, the connection will last and the synching will happen as long as the user doesn’t revoke the trust.
WHAT IS SYNCIOS DEVICE SERVICE FREE
When users connect their iOS device to a computer or, for example, a free charger at an airport, they are asked whether they will trust the computer (meaning, that its settings and data will be accessible from it when connected). The vulnerability was discovered by Symantec researchers, disclosed to Apple and now to the RSA Conference 2018 attendees and the wider public.Īpple has implemented a mechanism that should prevent easy exploitation of the feature, but the researchers say that it doesn’t address the “Trustjacking” problem in an holistic manner. An iOS feature called iTunes Wi-Fi sync, which allows a user to manage their iOS device without physically connecting it to their computer, could be exploited by attackers to gain lasting control over the device and extract sensitive information from it.
0 kommentar(er)
