Think twice before you tell your iPhone to trust that laptop when you charge it.
When you use an unknown PC or Mac to charge your iPhone, and you got the message: “Trust This Computer?” Click no! Because if you click yes, the computer will be able to access your phone settings and data while they’re connected.
Researchers have found that hackers can exploit “Trust” clearance to a whole new level of iOS attacks known as “trustjacking.” Once a user “Trusts” a computer they will become exposed to severe and persistent attacks while their phone is connected to the same Wi-Fi network as a hacker, or even remote attacks when the devices are separated.
Keep in mind that you can easily avoid almost any cybersecurity problem by implementing a cybersecurity solution inside every device, so don’t let your guard down depending of which OS your device is running it is mandatory to install an antivirus for Windows or antivirus for Mac.
If you are a company the install of antivirus is only the first layer of security, you must contract a cybersecurity company that will carry some advance cybersecurity tests to your company networks, like penetration tests, and ethical hacking tests.
Remember: once this trust is established, everything is possible thanks to a feature known as iTunes Wi-Fi Sync, this feature lets iOS devices sync with desktop iTunes over Wi-Fi.
To enable this feature, you have to physically connect a mobile device to a computer once and “Trust” it; then you will have to enable iTunes Wi-Fi Sync from the PC. After this, the two devices can sync and communicate whenever they are on the same Wi-Fi network without any further approval from the iPhone or iPad.
Use this feature only when you are using your computer an do not thrust any other one.
On a trusted Wi-Fi Sync connection, attackers can manipulate the victim iOS device, install various malware types on the victim’s phone, or initiate a backup to gather data like a victim’s photos, app information, and SMS/iMessage chats.
There’s currently no way to see a list of devices that have outstanding trusted status.
If an attacker successfully infects a target’s PC with malware can exploit the trust a victim grants his own computer because a user will obviously trust their own computer, and their phone and PC will frequently be on the same Wi-Fi network. Because of this, a hacker who has infected a target’s computer can get a two-for-one of also having regular access to the victim’s iOS devices.
Apple doesn’t offer a list of the computers an iOS device trusts, but it is possible to scrub the trusted computers list entirely. In iOS 11 users can go to Settings > General > Reset > Reset Location & Privacy to get a clean slate.
Another effective defense for users is to encrypt iOS device backups with a secure password.
For the moment iOS’s authorization prompts as a single point of failure. We will have to wait for Apple to architect long-term solutions until then the best defense is to become discerning and extremely selective about doling out trust.
To reduce and eventually eliminate all the risk of this kind of cybersecurity problems practice good cyber security habits, update your apps and OSs to latest versions available and implement a robust cybersecurity solution into your devices like an antivirus for Windows or antivirus for Mac depending on which OS is your machines running. We also recommend every company to hire a specialized cybersecurity firm that will perform various tests like a penetration test and various ethical hacking tests on company’s network to reveal if any network flaws are present.