Tuesday, November 26, 2024
HomeSecurity NewsiOS Trustjacking -Dangerous iOS Vulnerability to Hack iPhones & Gain Complete Control...

iOS Trustjacking -Dangerous iOS Vulnerability to Hack iPhones & Gain Complete Control Remotely by Attackers

Published on

New Vulnerability called “iOS Trustjacking” discovered in the iOS device that allows an attacker to control the Vulnerable device remotely and perform various malicious activities.

An iOS Trustjacking exploits the vulnerability that presented in iTunes Wi-Fi sync which enables the attack to gain the remote access without any user interaction and gain persistent control to the victim’s device without any physical Interaction.

“iTunes Wi-Fi sync” is one of the useful future that allows iOS devices to be synced with iTunes without having to physically connect the iOS device to the computer.

- Advertisement - SIEM as a Service

Previously discovered a related vulnerability and Attac such as juice jacking (new computer didn’t require any authorization that leads to install malware),  Videojacking,(HDMI connection and get a screen recording of iOS devices) required users physical interaction to perform various malicious activities.

In this case,  Trustjacking vulnerability also even more continuous persistence with the vulnerable iOS device and stay connected to the compromised device even after the device disconnected with malicious hardware.

How does this iOS Trustjacking vulnerability works

iTunes Wi-Fi sync helps to communicate with the device without any physical connection and the user requires to syncing the iOS device with iTunes first by connecting to a computer with a cable in order to achieve this future.(sync with the iOS device over Wi-Fi.)

if the user needs to access the new computer with their iOS device, it is asked to make this connection as a trust connection or not and once user allows it then it accesses iOS device via the standard iTunes APIs.

According to Symantec’s RSA Conference presentation, This allows the computer to access the photos on the device, perform a backup, install applications and much more, without requiring another confirmation from the user and without any noticeable indication.

At the same time, This iOS Trustjacking could activate the  “iTunes Wi-Fi sync” feature which allows continuing the existing connection with the device even after the communication disconnected from the computer as long as the iOS device is connected to the same network.

so the attacker needs to take two steps:
  • Allow the device to connect to iTunes
  • Enable iTunes Wi-Fi sync

Interesting this is to enable “iTunes Wi-Fi sync” does not require the victim’s approval and can be conducted purely from the computer side.

So Attacker can possibility can easily take screenshots and display or recording them remotely also an attacker is able to get access to a lot of private information such as Photos, SMS / iMessage chats history, App data Etc..

According to the researcher, These steps can be automated by malicious software. They interestingly do not require any additional approval from the victim and don’t trigger any indication on the device that something is happening.

“In order to be able to view the victim’s device screen, the attacker needs to install the developer image suitable for the victim’s device iOS version; then, he can take screenshots repeatedly and view the device’s screen in near real time. Installing the developer image can be conducted over Wi-Fi and does not require regaining physical access to the device. “

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

IBM Workload Scheduler Vulnerability Stores User Credentials in Plain Text

IBM has issued a security bulletin warning customers about a vulnerability in its Workload...

Multiple Flaws With Android & Google Pixel Devices Let Attackers Elevate Privileges

Several high-severity vulnerabilities have been identified in Android and Google Pixel devices, exposing millions...

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting...

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as...

Critical PDF.js & React-PDF Vulnerabilities Threaten Millions Of PDF Users

A new critical vulnerability has been discovered in PDF.js, which could allow a threat...

LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely From Any Browser, Anywhere

LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series...