iOS 7 has dangerous keylogging vulnerability

27 Comments

When it rains, it pours. Sadly for Apple, it seems the company just cannot catch a break. Most recently, a nasty SSL bug was discovered in both iOS and OSX, which potentially enabled man-in-the-middle attacks and lessened security. While iOS was patched pretty quickly, OS X ws not patched until earlier today.

While that alone is enough to damage a company's reputation on security, yet another Apple vulnerability has surfaced today. Security firm FireEye has discovered a keylogging-like bug in iOS 7, which could allow evil-doers to track all touchscreen and button presses.

"Background monitoring mobile applications has become a hot topic on mobile devices. Existing reports show that such monitoring can be conducted on jailbroken iOS devices. FireEye mobile security researchers have discovered such vulnerability, and found approaches to bypass Apple's app review process effectively and exploit non-jailbroken iOS 7 successfully. We have been collaborating with Apple on this issue", says FireEye.

The security firm further explains, "we have created a proof-of-concept 'monitoring' app on non-jailbroken iOS 7.0.x devices. This 'monitoring' app can record all the user touch/press events in the background, including, touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server [...] Potential attackers can use such information to reconstruct every character the victim inputs".

Sadly, this bug even affects the recently released 7.0.6, which patched the SSL bug. The security firm is already working with Apple, so 7.1 will likely fix this vulnerability. However, users shouldn't be forced to wait that long -- 7.1 does not even have a definitive date yet. Hopefully Apple can get a patch out quicker.

In the interim, FireEye suggests closing all unnecessary apps by double tapping the home button and swiping up to close them. Even if you trust the app or it serves a valid purpose, there is no telling if this malicious code could be hidden inside. In other words, by design, hackers could hide the code in something like Flappy Bird. Even though the game runs and functions, it could be tracking you too.

Image Credit:  Eric Von Seggern/Shutterstock

27 Comments

27 Responses to iOS 7 has dangerous keylogging vulnerability

Got News? Contact Us

Recent Headlines

We're not going to deal with today's IT admin issues with yesterday's technology

AI-powered data management: Navigating data complexity in clinical trials

Workforces need the skills to defend against AI-enabled threats

Overcoming real-time data integration challenges to optimize for surgical capacity and better care

From Windows XP to Windows 10 -- How Microsoft's end-of-life nag screens have changed

Pour one out for the Linux homies: Fedora 40 released

Phishing attacks up 60 percent driven by AI

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

62 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

20 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

17 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

16 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

12 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.