Touch input being monitored in the background (Source: FireEye)
No fix from Apple for this issue yet

Security researchers have already proven that apps can be placed on jailbroken iOS devices that enable background monitoring by third parties. However, security researchers from FireEye have announced that they have found a vulnerability on iOS 7 devices that allows an app to bypass the official app review process and to exploit iOS devices that aren’t even jailbroken.
The researchers say that they created a proof-of-concept monitoring app that is able to record all the user’s touch/press events in the background. The app can also record touches on the screen, home button presses, volume button presses, and Touch ID presses. That data can then be sent to any remote server.
Attackers using this vulnerability could then use the data to reconstruct all the characters entered by the victim. The demo app that the researchers created exploits iOS 7.0.4 on a non-jailbroken iPhone 5S smartphone. The exploit has also been verified as working on iOS 7.0.5, 7.0.6, and 6.1.x.
The researchers say that users of iOS 7 can turn off Background App Refresh to mitigate the vulnerability; however, music apps are able to play music in the background without needing to enable Background App Refresh. That means that an app can disguise itself as a music app to conduct background monitoring.
The researchers say that until Apple issues a fix, the only way to stop this is to stop all apps from running in the background.
Word of this exploit comes just days after Apple patched a serious SSL flaw in both OS X Mavericks and iOS 7.

Source: FireEye

Copyright 2017 DailyTech LLC.