Stroz Friedberg, a firm that specializes in responding to cybersecurity breaches, said it has built an open-source proof-of-concept tool that allows users to disconnect their Apple iOS devices from certain "trusted" computers to reduce the risk of unauthorized access to data on their iPhones or iPads.
The security firm reported it was able to replicate many of the findings of well-known researcher Jonathan Zdziarski, who first drew attention to this potential vulnerability in a presentation at the Hackers On Planet Earth X Conference in July. Zdziarski had pointed to services that “cannot be turned off” and that most users are unaware of, but that continue to provide access to users' data on the devices well beyond what he considered useful for diagnostics and debugging information, Stroz Friedberg said in a paper on Monday.
Three of these services were especially significant and would run once an iOS device is “paired” with a computer, Cheri Carr, director of digital forensics, and Daniel Blank, a digital forensic examiner at the security firm, said.
Starting with iOS 7, users are prompted to “trust” or “un-trust” a computer when they connect their iPhone or iPad to it, and selecting an option generates “pairing records” on the device and the computer. However, once the “trust” option is selected, a user “cannot easily review or revoke that trust,” Carr and Blank wrote. Further, these pairing records are “computer agnostic,” which means a record could be copied from a “trusted” computer to an unauthorized one to gain access to the iOS device, they pointed out.
“Presently, there is no way for a user to turn off or disable these services, which are present on an estimated 600 million devices,” they said. The only sure way was to wipe the iOS device and restore it from a backup, they said, citing Zdziarski.
The open-source tool, however, takes a user through a series of prompts that will delete existing pairing records. The tool is called unTRUST, and the source code and installation files are available from the security firm’s repository.