Beware: a security hole in non-jailbroken iOS devices allows apps to "keylog" you


It seems that a new breach in iOS allows malicious apps to "sniff" and record touch input, as well as key press events, enabling wrongdoers to take advantage of a user's valuable information. According to FireEye,a network security company that discovered the flaw, even non-jailbroken iOS mobile devices are sucseptible to this security threat, even these that run the latest version of the platform – 7.0.4, 7.0.5, 7.0.6.

FireEye explains that they have developed a "monitoring app", which takes advantage of both the multitasking and the "background app refresh" features of iOS. Once started, the app disguises itself as, say, a music app. This prevents the system from suspending the malicious software, which collects all user events and sends them to a remote server.

Fortunately, users can thwart any event monitoring by opening the iOS task manager and manually closing any suspicious apps that are running on their device. FireEye also claims that it's cooperating with Apple on the issue.

Hopefully, a fix for the security breach will be implemented into the upcoming version 7.1 of the iOS mobile platform.

source: FireEye via AppleInsider

FEATURED VIDEO

8 Comments

1. blingblingthing

Posts: 943; Member since: Oct 23, 2012

Bu bu bu none of the million apps on the app store are viruses / Trojans / sarcasm . Seriously, I'm tired of reading this and some apple fan telling me android apps need anti virus software.

2. Finalflash

Posts: 4063; Member since: Jul 23, 2013

Then stop listening to them, only the idiotic ones even claim that any more. If you aren't a complete idiot you'll know how to manage your exposure on any platform.

6. blingblingthing

Posts: 943; Member since: Oct 23, 2012

I like to listen to them and then mention these articles. You really think with 1 million apps on the store, none are malicious?

8. Ashoaib

Posts: 3276; Member since: Nov 15, 2013

So called secure OS over andriod... this report proves security is not the measure of ranking for ios

3. RaKithAPeiRiZ

Posts: 1488; Member since: Dec 29, 2011

This comes just after apple released patchwork for the SSL vulnerability , i wonder how safe ios now really is

5. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

There would seem to be a number of undisclosed zero-day hacks, given the services advertised by white-hat hackers for government agencies.

4. PapaSmurf

Posts: 10457; Member since: May 14, 2012

I updated my iPad Mini because of a security flaw.. Damn it Apple.

7. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

Magic 8-Ball says another update is in your future.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.