Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

Letting Your iPhone Trust Random PCs Is a Bad Idea

Symantec is warning about the dangers of granting a trust permission when connecting an iPhone to a computer over a USB cable.

By Michael Kan
April 18, 2018
ITunes iPhone hack

Be careful when connecting your iPhone to a random computer. It can actually expose your handset to a sneaky hack.

On Wednesday, researchers at Symantec demonstrated how you can secretly spy on an iPhone by exploiting a permission that pops up whenever you connect the device to a laptop via a USB cable.

The iPhone will ask: Do you trust this computer? Clicking yes may not seem like a big deal, but it can actually let the computer's owner eavesdrop on your iPhone and even load malware in the form of Trojanized apps.

According to Symantec, this can be done by exploiting an iTunes feature that links a computer with an iPhone over a Wi-Fi connection. To enable the function, though, the owner has to first connect the handset to a computer over a USB cable. They can then share content from the Apple device to another machine.

In a blog post, Symantec researcher Roy Iarchy said hackers with a malware-laden charger or computer could exploit the same feature to gain access to the data inside the iPhone. The only safeguard protecting the owner from the hack is the permission pop-up that appears, which clearly states, "Your settings and data will be accessible from this computer when connected," if you click trust.

Victims might disregard the warning, and assume once their phone is disconnected from the computer, the data access will be cut off. But in reality, the iTunes synching feature can let a hacker's computer continue accessing the iPhone as long as both devices are connected to the same Wi-Fi network.

Trust This PC?"Now the attacker can control the device remotely," Iarchy said in his post. With access to the iPhone, the hacker can steal data from the device by creating a remote iTunes backup or by replacing existing apps on the iPhone with malicious ones.

Symantec has disclosed the problem to Apple, which chose to fix it by adding another step in the permission process. When an iPhone connects to a computer, the owner will now have to type in their iPhone's passcode when letting a computer gain access to the data.

A simple way to avoid the hack is to deny the access. Simply press cancel when the permission pops up. Your iPhone should still charge using the computer, without exposing any data. Symantec also says iPhone owners can view what computers the device trusts by going to Settings > General > Reset > Reset Location & Privacy.

How Your Password Was Stolen
PCMag Logo How Your Password Was Stolen

Like What You're Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

TRENDING

About Michael Kan

Senior Reporter

I've been with PCMag since October 2017, covering a wide range of topics, including consumer electronics, cybersecurity, social media, networking, and gaming. Prior to working at PCMag, I was a foreign correspondent in Beijing for over five years, covering the tech scene in Asia.

Read Michael's full bio

Read the latest from Michael Kan