Another iOS 7 vulnerability could allow a keylogger on non-jailbroken devices

Researchers have known for some time that jailbroken iOS 7 devices can be vulnerable to a keylogger that records and transmits every keystroke or touch. Now, a security firm has found a similar flaw in non-jailbroken iOS devices.

A proof-of-concept “monitoring” app, developed by FireEye and described in its blog on Monday night, can record and transmit in the background all touch or press events, including screen touches, home button presses, volume button presses, and TouchID presses.

The app works on versions 7.0.4, 7.0.5, 7.0.6, and 6.1.x.

It can be installed via phishing or through a weakness in another app, the researchers said, and it can get through Apple’s review process. FireEye said it is “collaborating with Apple on this issue.”

Users can turn off “Background App Refresh,” which could help prevent the app from monitoring. But, FireEye points out, background music in an app does not need Refresh permission, and a malicious app could pretend to be background music.

FireEye recommends a more reliable fix until Apple has one: stop apps from running in the background through the task manager:

“iOS7 users can press the Home button twice to enter the task manager and see preview screens of apps opened, and then swipe an app up and out of preview to disable unnecessary or suspicious applications running [in] the background.”

For keyloggers, smartphones and tablets are the new frontier — they are not only new platforms, but much of their input is via a touchscreen instead of alphanumerics. Another security firm, Trustwave, recently announced that it has been able to create proof-of-concept malware for Android smartphones/tablets and jailbroken iOS devices that captures and transmits screenshots and X-Y coordinates of touches.

News of this most recent keylogger vulnerability comes on the heels of fixes for other iOS 7 issues. Most recently, on Friday, Apple released version 7.0.6 to fix a flaw in the SSL encryption used to protect confidential information.
