Full Disclosure mailing list archives

By Date By Thread An iOS oversight: exploiting device trust and backups From: David Longenecker <david () securityforrealpeople com>

Date: Tue, 22 Sep 2015 12:15:30 -0500

Posted in more detail at: http://www.securityforrealpeople.com/2015/09/exploiting-ios-backups-for-fun-and.html iOS (including iOS 9) have a chink in their security model's armor. Enabling an iOS device to trust a new computer is a one-click operation - no password or PIN is required. As long as the iOS device is logged in and not screen locked, one click is enough to tell the iPhone or iPad that this computer can be trusted. Once trusted, the computer is permitted to copy files on and off, or make a full device backup. For perspective, iOS has a setting to require the password or PIN to purchase items in the App or iTunes Stores, but no such setting when trusting a computer to do a full device backup. Is this a big deal? Have you ever lent your phone to a friend so they could make a brief phone call? If I borrow your iPhone under the guise of making a phone call, in a couple of minutes I can USB tether to my computer, trust it, and make a full device backup which I can search at length later. Or in just a few seconds I can establish that device trust now, and later slip it off your desk to make a backup of the locked iPhone. In the grand scheme of things, the ability to make a covert backup of another's iPhone isn't at the top of my list of worries. It requires physical access to an unlocked device, meaning I'd have to unlock my phone and let someone borrow it - not something I'm likely to do for someone I don't know and trust. Still, it pays to understand how your trust can be abused. Keep this in mind the next time a friend asks "can I use your iPhone to make a call?" Regards, David Longenecker Connect: Blog <http://securityforrealpeople.com/> | @dnlongen <https://www.twitter.com/dnlongen> | LinkedIn <https://www.linkedin.com/in/dnlongen/> PGP key: https://keybase.io/dnlongen _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/ By Date By Thread Current thread: An iOS oversight: exploiting device trust and backups David Longenecker (Sep 23) Re: An iOS oversight: exploiting device trust and backups Luis 'Pope' Gómez (Sep 25)

David Longenecker (Sep 23)