iOS security hole allows malicious apps to track your keystrokes

By on February 25, 2014, 6:45 PM

It's been only days since Apple fixed the wide spread iOS security flaw that made headlines, and now another issue has surfaced. A network security company has spotted another hole that is allowing malicious software to watch your every move.

Security firm FireEye spotted the issue and was able to get a dummy app onto the App Store to prove it, a technique many security groups use as proof of concept. The particular security flaw at hand, which is present on the newest version of iOS, allows for apps to track your keystrokes made possible by iOS 7's multitasking features. The process will track your moves while running as a background process, potentially without the users knowledge.

FireEye explained its proof of concept app further saying this "monitoring app can record all the user touch/press events in the background, including touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server," the company explained. It goes on to say that it was able to exploit this vulnerability on iOS 7.0.4 as well as iOS 7.0.5, 7.0.6 and 6.1.x.

Fortunately from the sounds of it, this security flaw can only be exploited when you download something you shouldn't. While we are waiting for Apple to patch things up, reports say that even if something does hit your system in this way, it can be easily rectified by paying close attention to your background processes and then ditching anything shady.




User Comments: 19

Got something to say? Post a comment
captaincranky captaincranky, TechSpot Addict, said:

This can't be......oh, no..................!

Oh well, Christianity teaches us that , "admission absolves guilt". You're in the clear, Apple.

1 person liked this | Guest said:

Apple may have imperfections, but its as good as it gets. Have something better? By all means, bring it to market.

captaincranky captaincranky, TechSpot Addict, said:

Could we have a new category of guest poster? I'm hoping for, "visiting shill".

Guest said:

Sometimes when you have nothing intelligent to say, it's best to say nothing at all...

captaincranky captaincranky, TechSpot Addict, said:

Sometimes when you have nothing intelligent to say, it's best to say nothing at all...
And that's what a guest says when they have nothing of interest to contribute.

1 person liked this | captaincranky captaincranky, TechSpot Addict, said:

Is this what you're trying to say?

If you want to try, "cute", you should learn how to make best use of the forum's software.

m4a4 m4a4 said:

Fine, I'll actually take more than a few seconds for this

captaincranky captaincranky, TechSpot Addict, said:

....[ ]....Fine, I'll actually take more than a few seconds for this
So, it's a chore, that you're trying to make sound like a favor?

Skidmarksdeluxe Skidmarksdeluxe said:

There will never be such a thing as crackproof software but if I could ever invent such a thing, Bill Gates will show up on my doorstep for a loan and the NSA will put a out a hit contract on me.

1 person liked this | Nobina Nobina said:

Apple may have imperfections, but its as good as it gets. Have something better? By all means, bring it to market.

If Apple broke into your house and murdered your children you would definitely say the same thing. That's what being an Apple fanboy is like.

1 person liked this | Skidmarksdeluxe Skidmarksdeluxe said:

Apple may have imperfections, but its as good as it gets. Have something better? By all means, bring it to market.

If Apple broke into your house and murdered your children you would definitely say the same thing. That's what being an Apple fanboy is like.

I very much doubt Apple will ever break into anybodies house and murder their kids but they sure as hell are the experts at murdering gullible peoples bank balances.

Kibaruk Kibaruk, TechSpot Paladin, said:

Sometimes when you have nothing intelligent to say, it's best to say nothing at all...
And that's what a guest says when they have nothing of interest to contribute.

How cute Captaincranky spanking a guest for not making any contribution.

BTT (BackToTopic) I love this news for whenever a fanboy tells me iOS is more secure than Android systems and how we should all be using their solutions :P

Guest said:

Actually they did break into someone's house, but luckily didn't murder anyone. The guy was a journo and got his hands on an iPhone prototype. Naturally Apple went completely berserk and stormed his house like he was a terrorist about to set off a nuke.

m4a4 m4a4 said:

So, it's a chore, that you're trying to make sound like a favor?

Yuuuuuuup. Best part is that this comment only took 6 seconds!

captaincranky captaincranky, TechSpot Addict, said:

How cute Captaincranky spanking a guest for not making any contribution.
I'd be happy if I could get punctuation done correctly by you. Why don't you get off the web once in a while, and take an English course?

Yay! Another round of free spankings, on Cranky.

How are those copper socks working out for you? Try taking one shoe off, standing in a puddle, and hold an umbrella in the other hand. You'll should get TV reception, and need no longer worry if you don't have money for the cable bill.....

BTT (BackToTopic)
Oo....., I love cool interweb acronyms.
I love this news for whenever a fanboy tells me iOS is more secure than Android systems and how we should all be using their solutions
It must be, "spank a fanboi day", at Techspot. Or at least, "talk behind one's back day"! Way to contribute.....(y) IJLaL! (I Just Learned a Lot.... )!

Actually they did break into someone's house, but luckily didn't murder anyone. The guy was a journo and got his hands on an iPhone prototype. Naturally Apple went completely berserk and stormed his house like he was a terrorist about to set off a nuke.

Apple is allowed to have a police force, which can summarily break into peoples houses? :eek: If they do, that's really scary.

Yuuuuuuup. Best part is that this comment only took 6 seconds!

..............................(y)

Kibaruk Kibaruk, TechSpot Paladin, said:

I bet you read your articles all over again and again, you love to go on about people not adding anything to the topic when you are not either, over and over, it's actually funny how you do exactly what you complain about among your half assed troll-rants.

BTW IJLaL from your contributions on this thread, as usual! Keep up the good work Captain!

PS: Your "apple police" add as much as "hate a fanboy day"

Kibaruk Kibaruk, TechSpot Paladin, said:

Why don't you get off the web once in a while

Madness!

captaincranky captaincranky, TechSpot Addict, said:

I bet you read your articles all over again and again, you love to go on about people not adding anything to the topic when you are not either, over and over, it's actually funny how you do exactly what you complain about among your half assed troll-rants.

BTW IJLaL from your contributions on this thread, as usual! Keep up the good work Captain!

PS: Your "apple police" add as much as "hate a fanboy day"

When you come down to it, there isn't much to be said about this topic. The staff puts things like this up, because it's arguably, "news", and because they get paid to do so. It really isn't. Security flaws are found day in, day out, in everybody's software.

The only thing noteworthy here, is that Apple finally admitted to one.

So, inevitably, and Apple droog, wil ring in and say, "Apple's the best", and you, (or somebody like you), will troll back. While denying it the whole time, and most likely, telling yourself you're, "contributing".

PS, I love to listen to your little rants, pouts, and temper tantrums, laced with profanity, and directed at me. Wouldn't you be whimpering if someone was doing that to you, little man? :'(

Fine, I'll actually take more than a few seconds for this

Pictures like this, are really nothing but internet memes. Other forums even have emoticons for this.

So, you're going to eat popcorn and watch the show, are you?

And should we be on notice that you think you're above the fray? Are you condescending to us? (or me in particular)

I interpret it that you have nothing to add. Don't worry, it's just my oddball belief system in play. You're real cool, man......

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.