×
Search TQA Weekly
×
Log into your TQA Weekly

TRUSTJACKING

Why You Shouldn't Trust Another Device with your iPhone or iPad

Steve Smith talks about the dangers of clicking trust on your favorite iOS device, and why you don't have to.

Episode #8-36 released on April 29, 2018

If you use an iPhone like me, Trustjacking, may be an issue for you. While, there are ways of doing this on Android devices, too, iPhone and iPad users do have to pay special attention when connecting their favourite devices to machines they do not own, or control.

For example, if you are running low on battery, and want to charge your iPhone or iPad, using a friend's laptop, you may be compelled to Trust the computer when your iOS device prompts you. Next time you see this message, keep in mind, your device will charge regardless of your choice, and you don't need to trust any other device, ever. Not trusting a device, prevents Trust Jacking from being an issue for you.

Now, what is the issue with Trustjacking, now that you know how to prevent it? The issue is that any USB capable outlet could be a computer, or be connected to a computer, and if wireless sync is on, then the attacker can continue to store and access your files while you remain connected to the wireless hotspot. Just another detail, the device that captured only needs access to the wireless network, it doesn't have to be wireless itself to exploit this Trust Jacking Vulnerability.

How do you know you are connected to a computer that can SYNC to your phone? iTunes Wi-Fi Sync is located under General, and you can see if you are syncing with a device, the name of the device, and the last time you have been synced. If this information shown is another device, other than your own devices, you have been Trust Jacked.

Now, being trust jacked can be an issue, but if you can't find the device and contact the authorities to destroy the information, and hold those doing this with criminal intent responsible, there is a solution to prevent it in the future. Go to General, then reset, then reset location and privacy. Then next time a request to trust the device is shown, and it is not your own computer, just don't click trust, and you'll be able to charge while being safe.

Another possible solution, use a power only cable with a mini-USB to lightning connector adaptor. It won't allow the computer or outlet to request any data.

Host : Steve Smith | Music : | Editor : Steve Smith | Producer : Zed Axis Dot Net

Sources & Resources