This feature you’ve never heard of might be letting anyone you know snoop on your iPhone
>
A iPhoneThe ability to back itself up over Wi-Fi to a computer running iTunes has a glaring security flaw, meaning anyone with access to that computer could easily have access to a host of personal data.
According to new insights (opens in new tab) from privacy tool provider Certo, Apple fails to secure its devices by not alerting users that the long-standing backup feature, iTunes WiFi Sync, is even enabled.
That’s a problem when part of the hack is accessing the victim’s iPhone and setting up the backup on any computer, then the data can be read by desktop and mobile applications and packaged into intuitive reports for inspection.
The role of iTunes WiFi Sync in espionage
As Certo points out, iTunes WiFi sync is just one example of how parental control apps can be used by domestic violence to exert control over various aspects of their lives.
The company notes that technology-facilitated abuse is common across several “Internet of Things” product providers, such as Amazon’s Alexa devices, Google maps, and electric cars.
iPhone users who have good reason to believe they can be spied on in this way have so far not been able to easily detect if the feature is enabled, as strangely Apple has disabled the option to check if the feature is enabled in an iPhone’s iPhone. Settings menu since the release of iOS 13.
Currently, the only indicator that an iPhone is “WiFi Sync” is a small spinning circle of arrows in the top right corner of the interface when the backup is taking place.
That is reminiscent of the presence of an AirTag device, designed to also track belongings used by stalkers to track people downwhich, for a period of time, only notifies users of the presence of an AirTag near their iPhone with a single notification that says “accessory detected”.
Apple is taking much longer to patch this particular vulnerability, and while Certo has recommended that Apple fix the WiFi Sync option in the Settings app and actually allow users to disable the feature directly from their device, it has yet to receive confirmation response from the tech giant.
In the meantime, however Certo has released a tool (opens in new tab) for desktop computers that allows users to check if the feature is active and also disable it.