Dangerous New iPhone Hack



You might want to think twice before plugging your iPhone into a friend’s laptop for a quick charge. 


Security researchers have discovered an all-new type of iOS hack called “trustjacking” that uses a little-known Wi-Fi feature to access a device’s data, even when the targeted device isn’t in the same location anymore.


The hack works this way: 


          1) An iPhone user plugs into the USB port on a friend’s computer.

          2) iOS asks if you want to trust the computer and mentions that it will have access to your
              data.

          3) You can then enable iTunes Wi-Fi Sync from the PC giving the devices the ability to
              communicate anytime they’re on the same network. Hence the name “trustjacking.”


iTunes Wi-Fi Sync is a useful feature when you’re at home and connected to a network you trust. But researchers at Symantec say, “everything is possible,” as far as attacks go if you trust the wrong computer. 


The Discovery of Trustjacking. “We discovered this by mistake actually,” said Symantec’s Adi Sharabani in an interview with Wired.” Roy was doing research, and he connected his iPhone to his computer to access it. But accidentally he realized that he was not connected to his own phone. He was connected to one of his team members’ phones who had connected their mobile device to Roy’s desktop a few weeks before. So, Roy started to dig into what exactly he could do and find out if he were an attacker.”


Once your iPhone is synced to a hostile computer, the attacker could install malware on your phone or initiate a backup to pull all your photos, apps and text messages. Hackers could also use the flaw to watch your screen in real-time and take screenshots that sync back to their computer. 


The good news is researchers haven’t found any instances of trustjacking attacks out in the wild yet. That doesn’t mean they don’t exist though. Apple tweaked the Wi-Fi Sync feature with iOS 11 so that it asks for the device’s passcode before trusting. Researchers say Apple needs to do more though to let users see what networks they’ve given trust to. 


If you’re worried that you may have given a malicious computer access to your iPhone you can scrub all your connections by going to Settings >> General >> Reset >> Reset Location & Privacy.


Subscribe to Technology This Week