TrustJacking: the method that allows you to hack any iPhone and iPad through iTunes
Symantec has issued an alert about a new attack that they have dubbed TrustJacking, which allows a person you trust to take full control of your iPhone, iPad or iPod, including the ability to steal your data. Function iTunes WiFi Sync allows you to send content wirelessly between your computer and iPhone. For this, it is necessary to first give permission to the computer through the USB cable. Once we give permission that first time it is no longer necessary to grant it again. Thus, anyone who has access to your computer can secretly spy on your mobile phone as long as they are both under the same local network. And all without having to verify access at any time. This may seem like a limited scenario, but imagine a wall charger at an airport now and in it, an iPhone user arrives, connects his/her mobile thinking that it is a normal charger, but instead is connecting to an attacker’s computer. If by mistake it gives you to accept the pop-up, the attacker already has full access to the mobile. This can also be dangerous in the event that a hacker takes control of the “secure” computer to which the user is connected if it infects it with malware. As if it were not enough to access the mobile, it is also possible to install applications remotely with iTunes Wi-Fi Sync, and even replace existing ones with modified ones that have the same appearance as the original, but can instead spy on the activity of the user directly from the mobile. In fact, you can even see the user’s screen in real time and take screenshots or directly record it. Symantec contacted Apple to let them know the danger of this type of attack, and from iOS 11 Apple has introduced a PIN code when making the connection to the computer. However, this does not fix the problem at all, since once the user has chosen to trust a computer, the rest of the exploit continues to function without problem. For this reason, we recommend you not to use this function if you do not trust completely in the computer in which you are connecting it, and you are sure that you do not have any virus. In addition, you can check the trusted devices in Settings – General – Reset. Finally, always deny access if you plug the phone into a computer. So, what do you think about this? Simply share all your views and thoughts in the comment section below.