A new iPhone vulnerability was disclosed at the RSA Conference in San Francisco. The vulnerability allows persistent control over an iPhone device without it being physically connected to a computer. With just a simple tap by the iOS device owner when connected to the same network as the attacker, the network link grants permanent control of the device without the owner even knowing the device has been compromised.This vulnerability exploits a weakness in an iOS function called iTunes Wi-Fi sync, a feature that allows users to sync up iTunes content and data between Apple devices wirelessly.
How it works:
- User connects phone to a malicious charger/computer and chooses to trust it
- Attacker allows the device to connect to iTunes and enables iTunes Wi-Fi sync (can be accomplished automated without user interaction)
- The attacker remotely installs a developer image suitable to users iOS version over Wi-Fi
Attackers are then able to gain access to photos, install applications, remote backup as well as receive a livestream of the screen without needing any other confirmation from the user. After that initial “tap to trust” moment, the attacker does not require any more interaction with the user and all of the user’s vulnerable data is accessible remotely.
Proficio Threat Intelligence Recommendations:
- Clear all “trusted” computers on iOS devices by resetting the location and privacy settings
- Enable encrypted backup on your iOS devices
General Information – Click Here
