An iPhone’s ability to back itself up via Wi-Fi to a computer running iTunes has a glaring security hole, meaning anyone with access to that computer could have easy access to a raft of personal data.
According to new insights (opens in new tab) from privacy tool provider Certo, Apple is failing to keep its devices secure by failing to keep users aware that the longstanding backup feature, iTunes WiFi sync, is even enabled.
That’s a problem when part of the hack involves accessing the victim’s iPhone and setting up the backup to any computer, after which the data can be read by desktop and mobile applications, and packaged up into intuitive reports for perusal.
iTunes WiFi Sync’s role in spying
As Certo points out, iTunes WiFi sync is just one example of how parental control apps can be leveraged by domestic abusers to assert control over several aspects of their lives.
The company notes that Tech-facilitated abuse is common across several “Internet of Things” product providers, such as Amazon’s Alexa-enabled devices, Google maps, and electric cars.
iPhone users who have good reason to believe they might be snooped on in this way have, until now, been unable to easily detect whether the feature is enabled as, bizarrely, Apple has disabled the option to check if the feature is enabled in an iPhone’s Settings menu since the release of iOS 13.
Currently, the only indicator that an iPhone is “WiFi syncing” is a small spinning circle of arrows in the top-right of the interface when the backup is taking place.
That’s reminiscent of the presence of an AirTag device, designed to track belongings but also used by stalkers to track people, for a time only notifying users of the presence of an AirTag in the vicinity of their iPhone with a single notification reading “accessory detected”.
Apple is taking much longer to plug this particular security hole, and although Certo has recommended that Apple reinstate the WiFi Sync option in the Settings app, as well as actually allowing users to disable the feature directly from their device, it is yet to receive a response from the tech giant.
In the meantime, however, Certo has released a tool (opens in new tab) for desktop computers that allows users to check if the feature is active, as well as disable it.
