A new vulnerability has been discovered in iOS that makes it susceptible to malicious keylogging or touchlogging.
FireEye reports that they've found approaches to bypass Apple's app review process effectively and exploit non-jailbroken devices. It appears that they were able to get their test app onto the App Store and now, according to the company, "We have been collaborating with Apple on this issue."
We have created a proof-of-concept "monitoring" app on non-jailbroken iOS 7.0.x devices. This “monitoring” app can record all the user touch/press events in the background, including, touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server, as shown in Fig.1. Potential attackers can use such information to reconstruct every character the victim inputs.
The vulnerability is present in iOS 7.0.4, 7.0.5, 7.0.6, and 6.1.x. An attacker would need to misled customers into installing their app or they could exploit a remote vulnerability of another app and then conduct the background monitoring of their users.
Apple has yet to comment on the matter. Please follow iClarified on Twitter, Facebook, or RSS for updates.
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (8)
Comments are closed for this article.
0
King Rollo - February 26, 2014 at 5:41am
Turn the phone upside down and will it work?
0
Pigstacho - February 25, 2014 at 9:36pm
Sure, iOS is really secure...
0
gamerscul9870 - February 25, 2014 at 10:46pm
In the future, 100%.
0
ratGT - February 26, 2014 at 7:57am
@pig ---- And this is coming from? A user who's application store of his mobile OS includes antivirus and antimalware software?
0
dribble - February 25, 2014 at 6:15pm
So just use Siri to dictate. No keys pressed means no keys to log!
0
Tworok - February 25, 2014 at 5:32pm
No it simply states that they did it to non jailbroken devices. So in turn make it simpler on the jailbroken ones
0
Iosjuggalo - February 25, 2014 at 5:27pm
If I'm reading this correctly, is this article saying Jailbroken devices are immune? Since it specifically states "non Jailbroken". If so cool & Ironic since some say - jail breaking makes your device insecure.
0
gamerscul9870 - February 25, 2014 at 9:07pm
Exactly why jb is like asking for more than it is good enough where it is.
![Apple Prepares Major 2026 Hardware Push With iPhone 17e, New iPads, and M5 Macs [Gurman]](/images/news/99870/99870/99870-160.jpg "Apple Prepares Major 2026 Hardware Push With iPhone 17e, New iPads, and M5 Macs [Gurman]")
![Apple Testing Variable Aperture and Large-Aperture Telephoto Cameras for iPhone 18 Pro [Rumor]](/images/news/99869/99869/99869-160.jpg "Apple Testing Variable Aperture and Large-Aperture Telephoto Cameras for iPhone 18 Pro [Rumor]")
![Apple Preparing to Allow Third-Party AI Voice Apps in CarPlay [Report]](/images/news/99865/99865/99865-160.jpg "Apple Preparing to Allow Third-Party AI Voice Apps in CarPlay [Report]")
![Original AirTag Drops to All-Time Low Price of $17 [Deal]](/images/news/99856/99856/99856-160.jpg "Original AirTag Drops to All-Time Low Price of $17 [Deal]")
![iPad Air (M3) Drops to Lowest Price of the Year at $489.99 [Deal]](/images/news/99843/99843/99843-160.jpg "iPad Air (M3) Drops to Lowest Price of the Year at $489.99 [Deal]")
![Beats Powerbeats Pro 2 Drop to $199.95 [Deal]](/images/news/99815/99815/99815-160.jpg "Beats Powerbeats Pro 2 Drop to $199.95 [Deal]")
![Apple Watch Series 11 Drops Back to All-Time Low of $299 [Deal]](/images/news/99283/99283/99283-160.jpg "Apple Watch Series 11 Drops Back to All-Time Low of $299 [Deal]")
![Apple AirPods 4 With Active Noise Cancellation Drop to $119 [Deal]](/images/news/99794/99794/99794-160.jpg "Apple AirPods 4 With Active Noise Cancellation Drop to $119 [Deal]")
