Researchers have known for some time that jailbroken iOS 7 devices can be vulnerable to a keylogger that records and transmits every keystroke or touch. Now, a security firm has found a similar flaw in non-jailbroken iOS devices.
A proof-of-concept “monitoring” app, developed by FireEye and described in its blog on Monday night, can record and transmit in the background all touch or press events, including screen touches, home button press, volume button press, and TouchID press.
The app works on versions 7.0.4, 7.0.5, 7.0.6, and 6.1.x.
It can be installed via phishing or through a weakness in another app, the researchers said, and it can get through Apple’s review process. FireEye said it is “collaborating with Apple on this issue.”
Users can turn off “Background App Refresh,” which could help prevent the app from monitoring. But, FireEye points out, background music in an app does not need Refresh permission, and a malicious app could pretend to be background music.
FireEye recommends a more reliable fix until Apple has one: Stop apps from running in the background through task manager:
“iOS7 users can press the Home button twice to enter the task manager and see preview screens of apps opened, and then swipe an app up and out of preview to disable unnecessary or suspicious applications running [in] the background.”
For keyloggers, smartphones and tablets are the new frontier — they are not only new platforms, but much of their input is via a touchscreen instead of alphanumerics. Another security firm, Trustwave, recently announced that it has been able to create proof-of-concept malware for Android smartphones/tablets and jailbroken iOS devices that captures and transmits screenshots and X-Y coordinates of touches.
News of this most recent keylogger vulnerability comes on the heels of fixes for other iOS 7 issues. Most recently, Apple released version 7.0.6 on Friday to fix a flaw in the SSL code used to protect confidential information.