It turns out that any device you connect with an iOS via the USB port can obtain your device’s Universal Device ID (UDID), as long as the device isn’t passcode-locked. It just takes a second, so if you plug in your device while it’s unlocked, or unlock it while plugged in, or just don’t have a passcode, Mactans can attack.
Using the UDID, it effectively claims your device as a test device using the team’s Apple developer ID. “The iOS device must pair with any USB host that claims it,” said Jang. “Any USB host that initiates contact, they cannot reject it. It doesn’t ask the user’s permission and gives no visual indication. The only way to prevent a Mactans attack is to lock your device before charging it and keep it locked for the entire time.” Once accomplished, the pairing is permanent.
They can then install invisible apps that bypass the iOS app sandbox.
Stay up-to-date by subscribing to the Comments RSS Feed for this post.