How's your Wednesday? Things going well? OK, your iPhone, iPad can be pwned via Wi-Fi sync

Don't panic… until you finish reading


RSA 2018 The iTunes Wi-Fi sync feature in Apple's iOS can potentially be abused by cops, snoops, and hackers to remotely extract information from, and control, iPhones and iPads.

This is according to researchers at Symantec, who discovered that, once an iOS device trusts a physically connected computer, the device can, in certain circumstances, be accessed by miscreants sharing the same Wi-Fi network as the device and the computer.

Said miscreants can make backups of the iPhone or iPad's documents, extract screenshots, and even add and remove applications without the iThing owner's knowledge.

Speaking at the 2018 RSA Conference today in San Francisco, Symantec operating system research team leader Roy Iarchi and senior veep Adi Sharabani said it's all because the cryptographic keys generated for accessing devices via USB are also used when authenticating access via Wi-Fi.

Thus if an iThing trusts a computer, or some other terminal, hands over its keys, and those keys land in the hands of scumbags, they can be used to hijack the handheld or fondleslab over the shared wireless network. The iOS gadget must also have iTunes Wi-Fi sync enabled, which can be turned on via social engineering or some tricky app on the device.

It sounds like a bit of a long shot – but could be pretty useful for determined snoops, crime investigators, and so on.




Once an iOS device is plugged into a PC or Mac, and the user has opted to trust the machine, those aforementioned access credentials can be used via Wi-Fi to perform the same tasks possible if the device were connected with a USB-Lightning cable.

What's worse, said the eggheads, those credentials are permanently saved by the computer, meaning they can be used to get into the smartphone weeks or months after it was paired. An attacker could infect the PC – or just buy a used machine that wasn't wiped – and reuse those credentials on a targeted victim. Or an airport charger station could ask to be trusted when plugged in, and later pwn devices via shared Wi-Fi. Just use your imagination.
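The saved credentials described above can be inventoried on the computer side before a machine is sold or handed on. The following is an added example, not code from Symantec or the article: it assumes pairing records are stored as one plist per device (on macOS, under `/var/db/lockdown`) and that the key names `HostPrivateKey`, `RootPrivateKey`, `EscrowBag` and `WiFiMACAddress` apply; the sample records are constructed with dummy values.

```python
import os
import plistlib
import tempfile
from pathlib import Path

# Assumed names of the secret fields in a pairing record (not from the article).
SECRET_KEYS = ("HostPrivateKey", "RootPrivateKey", "EscrowBag")


def audit_pairing_records(directory, max_age_days, now):
    """Report each stored pairing record: its age, which secrets it holds, and staleness."""
    findings = []
    for path in sorted(Path(directory).glob("*.plist")):
        try:
            with path.open("rb") as fh:
                record = plistlib.load(fh)
        except Exception:
            # A damaged record still deserves attention: flag it rather than skip it.
            findings.append({"file": path.name, "error": "unreadable plist"})
            continue
        age_days = int((now - path.stat().st_mtime) // 86400)
        findings.append({
            "file": path.name,
            "age_days": age_days,
            "secrets": [k for k in SECRET_KEYS if record.get(k)],
            "wifi_capable": "WiFiMACAddress" in record,
            "stale": age_days > max_age_days,  # candidate for deletion
        })
    return findings


def build_sample_directory(now):
    """Constructed sample data: two fake pairing records plus one corrupt file."""
    root = Path(tempfile.mkdtemp())
    for udid, age in {"CONSTRUCTED-UDID-OLD": 200, "CONSTRUCTED-UDID-NEW": 2}.items():
        record = {"HostID": "CONSTRUCTED-HOST", "HostPrivateKey": b"dummy",
                  "RootPrivateKey": b"dummy", "WiFiMACAddress": "00:00:5e:00:53:01"}
        path = root / f"{udid}.plist"
        with path.open("wb") as fh:
            plistlib.dump(record, fh)
        stamp = now - age * 86400
        os.utime(path, (stamp, stamp))  # backdate to simulate an old pairing
    (root / "broken.plist").write_bytes(b"not a plist")
    return root


if __name__ == "__main__":
    NOW = 1_700_000_000  # fixed timestamp so the sample output is reproducible
    for finding in audit_pairing_records(build_sample_directory(NOW), 30, NOW):
        print(finding)
```

Pointing `audit_pairing_records` at the real record directory normally needs administrator rights; records flagged as stale are the ones to delete before the machine leaves your control.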

Additionally, the duo noted, the technique could be paired with malicious profile attacks to route the device's network traffic via a VPN, and exploit the vulnerability when the device is not on the Wi-Fi network.

Iarchi said the issue was discovered by accident in 2017 when, while debugging several iOS devices for a different project, he noticed a strange set of logs showing up in his terminal window.

"The problem is those logs didn't collate to what I did on the devices," he explained. "It was the logs of another device of one of my team members that wasn't in the same room with me."

From there, Iarchi determined that, with a bit of digging, he could use developer tools to access backups, stream screens, and covertly remove and install apps on any iOS device that had previously been connected to his machine.

Symantec said it had notified Apple of the issue, and though iOS 11 now requires a passcode to trust a computer, the so-called "trustjacking" design flaw they found is still present and open to abuse.

Until Cupertino decides to permanently fix the problem, Iarchi and Sharabani recommend users take some basic steps to limit trusted machine access, including encrypting their backups and deleting their list of old trusted machines (this can be done via Settings > General > Reset > Reset Location and Privacy).

Developers can also help to protect their apps from data harvesting by not saving sensitive info to the device nor including it in backup data. ®

