With escalated privileges, an adversary could program the mobile device to impersonate USB devices such as input devices (keyboard and mouse), storage devices, and/or networking devices in order to attack a physically connected PC[1][2] This technique has been demonstrated on Android. We are unaware of any demonstrations on iOS.
| ID | Mitigation | Description |
|---|---|---|
| M1001 | Security Updates | |
| M1006 | Use Recent OS Version | |
| M1011 | User Guidance |
Advise users to only connect mobile devices to PCs when a justified need exists (e.g., mobile app development and debugging). |