nerdexam
EC-Council

312-50V13 · Question #267

Steven connected his iPhone to a public computer that had been infected by Clark, an attacker. After establishing the connection with the public computer, Steven enabled iTunes WI-FI sync on the compu

The correct answer is A. IOS trustjacking. iOS Trustjacking Explained Why A is Correct: iOS Trustjacking exploits the iTunes Wi-Fi Sync feature - when a user connects their iPhone to a compromised computer and taps "Trust" on the device prompt, the attacker gains persistent access to the device over Wi-Fi, even after the

Submitted by brentm· Mar 6, 2026Hacking Mobile Platforms

Question

Steven connected his iPhone to a public computer that had been infected by Clark, an attacker. After establishing the connection with the public computer, Steven enabled iTunes WI-FI sync on the computer so that the device could continue communication with that computer even after being physically disconnected. Now, Clark gains access to Steven's iPhone through the infected computer and is able to monitor and read all of Steven's activity on the iPhone, even after the device is out of the communication zone. Which of the following attacks is performed by Clark in above scenario?

Options

  • AIOS trustjacking
  • BlOS Jailbreaking
  • CExploiting SS7 vulnerability
  • DMan-in-the-disk attack

How the community answered

(41 responses)
  • A
    93% (38)
  • B
    5% (2)
  • D
    2% (1)

Explanation

iOS Trustjacking Explained

Why A is Correct: iOS Trustjacking exploits the iTunes Wi-Fi Sync feature - when a user connects their iPhone to a compromised computer and taps "Trust" on the device prompt, the attacker gains persistent access to the device over Wi-Fi, even after the physical USB connection is severed. This perfectly matches the scenario where Clark continues monitoring Steven's iPhone remotely through the infected computer.

Why the Distractors Are Wrong:

  • B (Jailbreaking) involves removing Apple's software restrictions on the iPhone itself, requiring direct device manipulation - no infected computer or Wi-Fi sync is involved.
  • C (SS7 Vulnerability) exploits weaknesses in the cellular signaling protocol used by telecom networks to intercept calls/texts - it has nothing to do with USB connections or iTunes.
  • D (Man-in-the-Disk) is an Android-specific attack targeting vulnerable external storage (SD card) access between apps - it doesn't apply to iOS or this scenario.

Memory Tip: Think of "Trust"jacking - the attack begins the moment Steven taps "Trust This Computer" on his iPhone, essentially handing Clark the keys to his device. If you remember the word trust = the iTunes trust relationship, you'll always connect this attack to the correct scenario.

Topics

#Mobile Hacking#iOS Trustjacking#Remote Access#iTunes Wi-Fi Sync

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice