Data Exfiltration From Internet of Things Devices: iOS Devices as Case Studies

Increasingly, big data (including sensitive and commercial-in-confidence data) is being accessible and stored on a range of Internet of Things (IoT) devices, such as our mobile devices. Therefore, any vulnerability in IoT devices, operating system or software can be exploited by cybercriminals seeking to exfiltrate our data. In this paper, we use iOS devices as case studies and highlight the potential for pairing mode in iOS devices (which allows the establishment of a trusted relationship between an iOS device and a personal computer) to be exploited for covert data exfiltration. In our three case studies, we demonstrate how an attacker could exfiltrate data from a paired iOS device by abusing a library and a command line tool distributed with iTunes. With the aim of avoiding similar attacks in the future, we present two recommendations.