According to foreign media reports, Symantec researchers have discovered a vulnerability in the Apple ecosystem. Once a user's iPhone has been paired with a Mac workstation or laptop, an attacker can use the vulnerability (Trustjacking) to covertly attack the user's device.
From a technical perspective, the Trustjacking vulnerability is rooted in the iTunes Wi-Fi Synchronization feature.
Once the user has ticked "iTunes Wi-Fi Sync" in the iTunes options and synced the iPhone with the Mac, the user can connect to the smartphone over the wireless network, without the trouble of a cable.
Indeed, this feature is quite handy, allowing iTunes users to recover or send data from their smartphones.
How to turn on Wi-Fi sync in iTunes
However, Symantec researchers believe that this feature is flawed by design, because even after the iPhone is disconnected from the Mac, the paired iPhone can still be accessed over local Wi-Fi.
With access to local Wi-Fi, an attacker can control the iPhone
Roy Iarchy, head of Symantec's modern operating system security research department, unveiled their findings at the RSA 2018 Security Conference, saying that attackers can abuse iTunes Wi-Fi sync to control user devices without the user noticing.
Iarchy points out that once the feature is turned on, an attacker can use iTunes to record the user's daily activity as long as the victim is connected to a malicious device. Specifically, the iTunes API will take a screenshot and send the screenshot back to the iTunes app.
In addition, attackers can install or uninstall applications on the victim's phone at will. They can even activate remote backups, order the iPhone to return data, and then sift through that data for profit.
The attack's limitations are shrinking
Obviously, such an attack has preconditions. After all, the iPhone displays a prompt before it connects to a computer, and the user has to agree, so simply do not connect to other people's computers.
However, the Trustjacking attack is different. Iarchy emphasizes that malware that infects your Mac can use an automated script to turn on iTunes Wi-Fi Sync, then retrieve data from or infect any paired iPhones, as long as they are on the same wireless network.
Even more worrying, Trustjacking has evolved: the attacker no longer needs to be on the local Wi-Fi network. It is enough that the Mac and the paired iPhone are on the same VPN.
Apple's remedial measures are not comprehensive enough
Symantec said that they have notified Apple of this issue, but Apple's solution does not satisfy them.
Apple's solution is to require iPhone users to enter their phone's passcode when pairing. This measure prevents someone else from completing the pairing of the phone with a computer while the owner is not paying attention.
However, Symantec believes that this fix has not solved the underlying flaw in iTunes Wi-Fi sync, and the attacker can still steal data from the phone after disconnecting.
"We appreciate the speed at which Apple fixes the vulnerability, but it must be said that this upgrade does not fully address the threat of Trustjacking. Once the user chooses to trust a poisoned computer, the hacker can do whatever he wants," Iarchy wrote in the blog post.
"Unfortunately, we were unable to list all trusted computers and filter background access," Iarchy added. "The best way to do this is to make sure your iOS device doesn't trust strange computers. In addition, you can go to Settings > General > Reset > Reset Places and Privacy to get rid of potential attackers. However, next time when you authorize a computer to connect to your iOS device, you can get a good snack."