Security researchers identified a vulnerability in iOS that allows apps to record all touch screen and button presses while running in the background on non-jailbroken devices.
Since the touch screen is the primary input interface on an iOS device, this attack is the equivalent of keylogging. An attacker could use the captured touch data -- X and Y axes coordinates -- to determine what characters victims inputted using the on-screen keyboard.
The vulnerability has been confirmed in iOS versions 7.0.6, 7.0.5, 7.0.4 and 6.1.x by researchers from security firm FireEye who identified the issue and reported it to Apple. The researchers also claim they found ways to bypass Apple's app review process which could allow uploading an app with such touch screen monitoring capabilities in the App Store.
"We have created a proof-of-concept 'monitoring' app on non-jailbroken iOS 7.0.x devices," the FireEye researchers said Monday in a blog post. "This 'monitoring' app can record all the user touch/press events in the background, including, touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server."
Full Article
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.