Apple

New iOS Bug allows your keystrokes to be recorded

Judge Limits Apple Antitrust Monitor, Rejects Appeal

Apple have been the highlight of a high profile bug in their iOS and OS X platforms recently with the SSL bug recently reported. Apple rolled out the patch to address that exploit, but a new report shows yet another vulnerability in iOS which this time allows attackers to access, record, and monitor every single touch you make on your device, including keystrokes on the keyboard.

The new vulnerability in iOS was discovered by FireEye and is present on non-Jailbroken iPhones and iPads running iOS version 7.0.4, 7.0.5, and 7.0.6, as well as those running on 6.1.x.

FireEye demonstrates that they’ve created a proof of concept monitoring App in collaboration with Apple that records touch events for a user in the background without their consent or knowledge.

We have created a proof-of-concept “monitoring” app on non-jailbroken iOS 7.0.x devices. This “monitoring” app can record all the user touch/press events in the background, including, touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server, as shown in Fig.1. Potential attackers can use such information to reconstruct every character the victim inputs.

What can the iOS exploit record?

The new iOS vulnerability uses resources usually reserved for apps to run in the background to register presses on the screen, home button, volume button, and TouchID, recording the input and logging it all unknown by the user.

The monitoring app only logs the X and Y coordinates of the touch inputs on the screen, but that could quite easily be referenced out to identify the exact keys pressed.

ios bug

Whilst this app is in collaboration with Apple, the vulnerability could quite possibly and easily be utilised by an attacker, and use a phishing method to install a malicious app that could exploit it and begin recording activity.

A fix for the bug is apparently in the works and is pending approval to fix the vulnerability, but a fix in the meantime is for users to close apps running in the background to avoid any potential exploits that could be running.

Tags

Leave a Reply

avatar
  Subscribe  
Notify of
JannyGarrets
JannyGarrets

Nice information shared on iOS bugs which is very interesting and useful. Apple always known for the best and also serve the quality product to users. I appreciated from apple’s bug report that shows the vulnerability in iOS.