Jump to content

iOS login - How is 'trusted device' determined?


Recommended Posts


Doing some security testing/learning in my home lab again, this time using an iOS phone.

Does anyone know how the Two-Factor-Authentication for iOS devices determines whether the device logging in is indeed a 'Trusted Device'?

Does it use the MAC address of the device, the IP address, a file on the device?

I'm using a Kali box to see if I can log in to the iCloud without it asking for Two-Factor-Authentication; tricking the login in to thinking that the Kali box is actually the trusted iOS phone. In order to do so, I need to narrow down how the iOS login determines that the device is trusted.

So far, I've found;



"With two-factor authentication, your account can only be accessed on devices you trust, like your iPhone, iPad, or Mac. When you want to sign in to a new device for the first time, you'll need to provide two pieces of information—your password and the six-digit verification code that's automatically displayed on your trusted devices. By entering the code, you're verifying that you trust the new device. For example, if you have an iPhone and are signing into your account for the first time on a newly purchased Mac, you'll be prompted to enter your password and the verification code that's automatically displayed on your iPhone. 

Because your password alone is no longer enough to access your account, two-factor authentication dramatically improves the security of your Apple ID and all the personal information you store with Apple.

Once signed in, you won’t be asked for a verification code on that device again unless you sign out completely, erase the device, or need to change your password for security reasons. When you sign in on the web, you can choose to trust your browser, so you won’t be asked for a verification code the next time you sign in from that computer."


I assume this means that a file must be saved on the device somewhere?


Thank you.

Edited by haze1434
Link to comment
Share on other sites

Your iDevice probably has a certificate it uses to do some sort of handshake, but you'd probably have to root the device and sniff the process/network to see what is happening, and it most likely won't be sent in the clear(although it could be just a token). Two people I think of when phones are in question, Georgia Wiedman, and Kyle Osborn aka Kos. They might have stuff out there with answers, but I'd in general just google.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...