iOS Sync Glitch Lets Attackers Control Devices

手机数码 2018-04-19

SAN FRANCISCO – Researchers have identified a new iOS vulnerability called “trustjacking,” which exploits a feature called iTunes Wi-Fi Sync to give attackers persistent control over victims’ devices.

Symantec researchers presented the vulnerability during a session atRSAC this week and said the vulnerability gives attackers the ability to record and control all activity on a device without being in the same room. Researchers disclosed the vulnerability to Apple, who has released a mechanism to safeguard devices from the vulnerability, they said.

All victims need to do to fall victim to this attack is approve their device’s connection to a malicious computer when syncing with iTunes, they said.

“The user connects to a malicious computer one time – and chooses to trust the computer. That’s the only experience from the end user that you see in this attack. From now on that malicious computer can still communicate with the device via Wi-Fi – and there is no indication of this for the end user,” Adi Sharabani, SVP of modern OS security at Symantec, said at RSAC.

The vulnerability exploits an iOS feature called iTunes Wi-Fi sync, which allows users to manage their iOS devices without physically connecting them to their computer, said Sharabani. Enabling this feature requires users to sync their iOS devices with iTunes by connecting to their computer via a cable.

“A single tap by the iOS device owner when the two are connected to the same network allows an attacker to gain permanent control over the device,” according to a Symantec report on the vulnerability.

When connecting their iOS device to a new computer, users are asked whether they trust the computer or not. If they say yes, the computer can communicate with the device through standard iTunes APIs, activating the iTunes Wi-Fi sync feature.

That means that even after it was disconnected to the computer communication could continue, said Sharabani. So if a victim allows his device to connect to iTunes on a malicious computer, enabling iTunes Wi-Fi sync, hackers can control devices remotely.

“It is important to note that other than the initial single point of failure, authorizing the malicious computer, there is no other mechanism that prevents this continued access. In addition, there is nothing that notifies the users that by authorizing the computer they allow access to their device even after disconnecting the USB cable,” according to Symantec’s report.

Once Wi-Fi sync has been enabled, the attacker can view the victim’s device screen by installing the developer image that is suitable to the victims’ device iOS version via Wi-Fi, said Symantec. From there, attackers can take screenshots repeatedly and view the device’s screen in real time.

Attackers can also access private data such as photos, SMS and iMessage chats history, and app data. An attacker can also use the access to the device to install malicious apps and replace existing apps with modified versions that look like the original app but that can spy on the users, said Sharabani.

“These apps aren’t on the app store, so the reality is that they [attackers] can use private APIs, expanding the impact,” said Sharabani.

One drawback for attackers is that the attack requires the device and computer to be connected to the same network – meaning that the attacker needs to be in proximity to the victim’s device and connected to the same Wi-Fi.

However, Sharabani said that attackers can also combine the attack with a “malicious profile” attack. This connects the device to a VPN server and creates a continuous connection between the victim’s device and the attacker’s computer. Attackers can leverage this attack anytime and without the restriction of being in proximity with the device or connected to the same network, he said.

After the issue was reported to Apple in mid-July 2017, the smartphone company has released a mechanism in iOS 11 making sure that only the real owner of the iOS device can choose to trust a new computer, through requiring that the user enter his passcode when choosing to authorize a computer.

However, Symantec researchers said that additional steps are necessary on top of this update to ensure full security for end users: “While we appreciate the mitigation that Apple has taken, we’d like to highlight that it does not address Trustjacking in an holistic manner. Once the user has chosen to trust the compromised computer, the rest of the exploit continues to work as described above,” according to Symantec.

In order to protect devices, researchers recommend users enable encrypted backups in iTunes and choose a strong password.

Users can also go to Settings > General > Reset > Reset Location & Privacy, and re-authorize all previously connected computers next time they are connecting the iOS device to each device, said Symantec.


北京乘坐地铁公交可刷iPhone 实体卡余额也可转入... 昨日,记者从北京市政交通一卡通公司获悉,从3月30日开始,市民可以使用苹果手机乘坐北京地铁、公交,实体公交卡内的余额也可转移到“手机一卡通”中。此外,使用该项服务还可享受到地铁票价优惠,每月累计消费满100元可享受8折优惠,满150元可享受5折优惠。下一步,北京一卡通App将上线电子发票功能。 ...
论背包减重的重要性 华为随行WiFi三合一“轻”松相伴... 经常旅行或出差的小伙伴在整理行李方面早已自成一套,用登山包代替拉杆箱,把衣服卷起来装比平铺要装的更多,相机锂电池不能带上飞机等等,这些小技巧和小规定看似平常但却成为商旅宝宝的“出门信条”。 然而,让很多常出门的小伙伴逃不过又很苦恼的事情,就是包包的“减肥”。充电器、充电宝、移动Wi-Fi一...
Google Ventures 合伙人吐槽苹果开发者大会:昏昏欲睡、聊胜于无... 编者按:今年的WWDC都看了吗?你觉得它怎么样?一起来看Google Ventures的普通合伙人M.G. Siegler是怎么吐槽这届WWDC的吧!原文 A Glass of Ice Water in the Desert 。 好消息是,我看今年WWDC的时候没睡过去,坏消...
iOS 11 preview for designers: release date, news a... iOS 11 has now been released in beta for iPads, iPad Pros and iPhones, so what key features does Apple's new mobile OS bring for creative professional...
2017年美国50家最顶尖的初创公司排行榜(上)... 编者按:近日,LinkedIn评选出了「2017年美国50家最顶尖的初创公司」榜单。通过本文,让我们一起来看看当下美国最具颠覆性的初创公司都有哪些。有些公司的产品你可能每天都在用,不过大部分公司你可能从未听说过。因文章较长,为方便阅读,特分为上、下两篇。 当今世界,最引人注目的一批...