New iOS security flaw discovered that allows covert keylogging

Feb 25, 2014

While the dust is far from settled on the nasty SSL bug found in iOS last week, a new security flaw in the mobile OS has been brought to light. The new flaw makes it possible for attackers to covertly log every touch a user makes, including keyboard and Touch ID presses.

Researchers at security firm FireEye made the discovery, saying in a blog post that the gap exists within iOS’ multitasking feature, which allows background monitoring, and that it can be exploited through a malicious app install or remotely through a separate app vulnerability…

Here’s the blog post via ArsTechnica:

“We have created a proof-of-concept “monitoring” app on non-jailbroken iOS 7.0.x devices. This “monitoring” app can record all the user touch/press events in the background, including, touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server, as shown in Fig.1. Potential attackers can use such information to reconstruct every character the victim inputs.

Note that the demo exploits the latest 7.0.4 version of iOS system on a non-jailbroken iPhone 5s device successfully. We have verified that the same vulnerability also exists in iOS versions 7.0.5, 7.0.6 and 6.1.x. Based on the findings, potential attackers can either use phishing to mislead the victim to install a malicious/vulnerable app or exploit another remote vulnerability of some app, and then conduct background monitoring.”

Shortly after publishing the post, FireEye posted a separate brief that was quickly removed. But according to an RSS reader cache, the firm claimed that it “delivered a proof-of-concept app through the App Store that records user activity and sends it to a remote server.”

The bad news is, the vulnerability has been confirmed to exist on non-jailbroken iPhones and iPads running iOS versions 7.0.4, 7.0.5, and 7.0.6, as well as those running on 6.1.x. The good news is, FireEye says that Apple is aware of the problem and is working on a fix.

  • NeverNamed

    I guess iOS 7.0.7 is on its way…

    • abdullah575

      no iOS 7.1.0 or iOS 7.1.1

  • hkgsulphate

    wtf apple….

  • Kevin Meijers

    The once so secure iPhone…..

    • tstsr6

      So you think…..

    • Virus

      Was secure when Steve Jobs was still alive

      • Johannes Mertens

        This is total nonsense. The SSL Bug for example already existed when Steve Jobs was still leading Apple…
        Also the numerous exploits used in Jailbreaks are huge security flaws. They can be exploited for a Jailbreak or for malicious attacks. The “once so secure” iphone has never been “secure”.

      • http://www.bachsau.com/ Bachsau

        But always more secure than any android phone.

  • Leonard Wong

    Sad to know that both security flaws had been there since iOS 6, which is more than a year

  • http://GitHub.com/cc941201 CC-Dog

    Apple will reject app which monitors those.

    • https://twitter.com/MrElectrifyer MrElectrifyer

      They accepted FireEye’s app…

  • Chris

    1. Why post about the flaw publicly, why not submit the exploit to Apple directly and stop scaring the absolute crap out of people who don’t know better.

    2. A photo doesn’t prove anything, for all we know that data was being sent from a jailbroken device.

    3. The chances of an app like this making it on the app store is pretty much impossible, if Apple can reject an app for having the word “Flappy” I’m pretty sure they can detect background monitoring.

    • on3simpleclick

      Apps have flown under Apple’s radar before. No pun intended. lol

    • Cool

      They want to become known by posting this publicly.

    • Niclas

      1. “FireEye mobile security researchers have discovered such vulnerability,
      and found approaches to bypass Apple’s app review process effectively
      and exploit non-jailbroken iOS 7 successfully. We have been
      collaborating with Apple on this issue.”

      2. It is legit. And it is regarding a non JB device.

      3. FireEye did get their app approved. The review process is 90% static analysis so apps can get past it.

  • on3simpleclick

    Damn, another vulnerability? Apple’s being run off their feet at the moment.

  • Maxim∑

    “malicious/vulnerable app” That won’t happen, Apple does automated scanning of each app and then has a human manual check through. It takes us 6-7 days for our apps to get pushed to the Apple store because of this, out of 1.7 million app submissions less than 10 had malware

    I wouldn’t worry, and Safari mobile also gives you a warning if it detects a phishing site

    • Niclas

      FireEye did get their app approved. The review process is 90% static analysis so apps can get past it.

  • jack

    NSA

  • Sunny

    Wouldn’t be surprised if there are more vulnerabilities waiting to be discovered (or already found but not shared with public) especially a big company like Apple linked with big corporates and NSA and the sorts…

  • Bill Do

    Disabling background refresh prevents this.

    • Niclas

      The app can play audio, silently or disguised as a music app, defeating your suggestion.

  • Hyr3m

    hahaha ^^

  • Jonathan

    Government, is that you?

    • Yousef Diab

      HAHAHA XD

  • Joel Torres ツ

    So we can expect 6.1.7/7.0.7/7.1/7.1.2 soon.

  • DopamineAddicted

    yay for my iphone 4 on 5.0.1

  • Suraj Shah

    couldn’t this virus thing be hidden in some profile the app installs on the iphone? like how onavo does with their vpn service?