The independent security researcher David Longenecker discovered a loophole in iOS user privacy that could be exploited to allow criminals to create backups on iOS devices if they have physical access to the smartphone or tablet.
Longenecker seems to be He discovered the potential design flaw while investigating an iOS application designed to hide documents and photos.
Trying to find out where he hides the files, he connected iOS device on his computer and tried to find the hidden files.
He noticed that when he connected every computer running iTunes to Windows or Mac, a pop-up window appeared on his phone screen asking him if he "trusts this computer?"
All of this is new here, as Apple has been doing this for years, allowing iPhones and iPads to sync with desktop or laptop computers, mainly to make it easier to backup using iTunes with the built-in backup utility .
The problem, however, mentioned by Longenecker, is found by pressing the "Trust" or "Trust" button.
If someone has physical access to an iOS device, they could very easily connect an iPhone or iPad to the computer, approve synchronization, and back up the device, which can give it sensitive information.
Backups include almost the entire device, except the codeς πρόσβασης και τα προσωπικά data health.
What is recommended in this case is Apple to implement a safer way to authorize iTunes and iOS using a password or TouchID.
