Trustjacking attackers would be able to view a victim's device screen essentially in real time by installing the developer image suitable for a particular iPhone's iOS version, and then taking continuous screenshots. And they could steal content such as photos, app data and SMS and iMessage chat history simply by creating an iTunes back-up.
The only action required on the part of the victim is agreeing to "trust" the connected device when responding to an Apple security notification acknowledging the presence of an unknown machine.
Attackers have the power to remotely view victims' mobile screens, exfiltrate valuable content, or even install malicious spy apps disguised as genuine apps. The victim does not even have to enable the iTunes Wi-Fi sync feature.
Symantec recommends that iOS users reset their list of trusted devices and enable encrypted back-ups in iTunes, protected by a strong password.
https://www.scmagazine.com/trustjacking-exploit-abuses-itunes-feature-to-spy-on-ios-devices/article/759686/