Trustjacking is a new “scary” attack on iOS devices, exploiting users’ lack of understanding of what’s going on. When plugging into an unknown computer or charger, the user may choose to “trust” it, which allows the remote device quite a degree of access to iPhone/iPad data. Many don’t realize that this trust remains after the device is disconnected and may be exploited, for instance, via Wi-Fi, if Wi-Fi sync is enabled. Many others also think that this trust is necessary for charging.

Basically, Apple should have looked at how Android 6+ has a “charge only” USB mode by default, fixed the wording and been done with it.
Protecting from this attack is extremely simple on Supervised (DEP) devices via EMM.
Here’s how it’s done via AirWatch, but any other major EMM will have something similar – this is Apple’s standard OS feature.

As a bonus, this will prevent not just the Trustjacking attack, but many other threats and leaks, since it blocks everything.
Wondering how many had this configured before the Trustjacking news?
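
One way to check that a profile exported from the EMM really blocks pairing, as an added example that is not from the original post or from AirWatch. It assumes the setting in question is Apple's Restrictions payload key `allowHostPairing` (honoured on supervised devices only) and that the profile is an unsigned XML `.mobileconfig`; the sample profile and its identifiers are constructed.

```python
import plistlib

# Constructed sample (not from the original post): a Restrictions payload
# that disables host pairing on a supervised device.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.restrictions</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>PayloadIdentifier</key><string>com.example.restrictions.pairing</string>
      <key>allowHostPairing</key><false/>
    </dict>
  </array>
</dict>
</plist>
"""

RESTRICTIONS_TYPE = "com.apple.applicationaccess"


def host_pairing_blocked(profile_bytes):
    """True only if a Restrictions payload sets allowHostPairing to false.

    A missing key leaves the OS default in place, which allows pairing,
    so a profile without the key is reported as not blocking.
    """
    profile = plistlib.loads(profile_bytes)
    payloads = profile.get("PayloadContent", [])
    if not isinstance(payloads, list):
        return False
    for payload in payloads:
        if not isinstance(payload, dict):
            continue
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        # Require an explicit boolean false; anything else is not a block.
        if payload.get("allowHostPairing") is False:
            return True
    return False


if __name__ == "__main__":
    print("host pairing blocked:", host_pairing_blocked(SAMPLE_PROFILE))
```

A profile signed by the EMM is CMS-wrapped and has to be unwrapped before this parser can read it.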