Security Researchers Discover Way to Log Touch Input on iOS Devices
February 26, 2014 9:22 AM
Touch input being monitored in the background
No fix from Apple for this issue yet
Security researchers have already proven that apps can be placed on Jailbroken iOS devices that enable background monitoring by third parties. However, security researchers from FireEye have announced that they have found a vulnerability on iOS 7 devices that allows the bypassing of the official app review process and allows the exploitation of iOS device that aren’t even jailbroken.
The researchers say that they created a proof-of-concept monitoring app that is able to record all the user’s touch/press events in the background. The app can also record touches on the screen, home button presses, volume button presses, and Touch ID presses. That data can then be sent to any remote server.
Attackers using this vulnerability could then use the data to reconstruct all the characters entered in by the victim. The demo app that the researchers created exploits iOS 7.0.4 on a non-jailbroken iPhone 5S smartphone. The exploit has also been verified as working on iOS 7.0.5, 7.0.6, and 6.1.x.
The researchers say that users of iOS 7 can turn off Background App Refresh to mitigate the vulnerability, however, music apps are able to play music in the background without needing to enable Background App Refresh. That means that apps can disguise themselves as a music app to conduct background monitoring.
The researchers say that until Apple issues a fix, the only way to stop this is to stop all apps from running in the background.
Word of this exploit comes just days after Apple patched a serious SSL flaw in both
OS X Mavericks
"So, I think the same thing of the music industry. They can't say that they're losing money, you know what I'm saying. They just probably don't have the same surplus that they had." -- Wu-Tang Clan founder RZA
Nintendo Announced Next Game Machine to be Portable “handheld”.
October 21, 2016, 5:00 AM
Do you hate to do yard work?
October 20, 2016, 5:00 AM
Smart Technology Mood Collar To Understand Your Dog’s Emotions
October 17, 2016, 5:00 AM
iBeat: A heart monitoring smartwatch that can save lives by Monique C. Bethell, Ph.D
October 8, 2016, 10:25 AM
How Difficult it is to Buy Electronics
October 7, 2016, 6:00 AM
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
Most Popular Articles
Problems with Windows 10 – Update Now
October 15, 2016, 7:30 AM
End of the Road for the Audi R8 e-tron
October 15, 2016, 5:00 AM
Is Razer Blade Stealth Laptop For You?
October 16, 2016, 5:00 AM
Bluetooth Saves Lives
October 16, 2016, 7:05 AM
IBM – Cloud Object Storage Cheaper than Amazon S3
October 14, 2016, 5:00 AM
Latest Blog Posts
Nasa Flies Drones at Nevada Airport
Oct 21, 2016, 8:21 AM
T-Mobile Data Problems
Oct 20, 2016, 10:17 AM
Annoying Apple Watch Problems and How to Fix Them
Oct 20, 2016, 5:00 AM
Your Mail May Soon Be Delivered By Robot
Oct 19, 2016, 9:34 AM
2018 Jeep Wrangler Prototype Sells At Junkyard
Oct 18, 2016, 5:00 AM
Samsung Shines with Gold Edition Tablet
Oct 17, 2016, 9:24 AM
Tesla Hints Mysterious Product Debut for October 17th
Oct 16, 2016, 10:14 AM
Samsung Galaxy Note 7 Phones on US flights
Oct 15, 2016, 5:00 AM
Comcast Fined $2.3 Million For Unconfirmed Services Charged To Customers
Oct 14, 2016, 5:00 AM
“American singer / songwriter “Bob Dylan is awarded 2016 Nobel Prize in Literature.
Oct 13, 2016, 10:33 AM
Battery Defect in Medical Device
Oct 12, 2016, 5:00 AM
IBM Bolsters Social Services Sector With Technology Grants
Oct 11, 2016, 5:00 AM
Scientists Sound Alarm on Climate but US Still Toys With Skepticism
Oct 10, 2016, 5:00 AM
IMEX America Trade Show
Oct 9, 2016, 10:00 AM
Phone Wars – Google VS Samsung Free Gifts on Purchase
Oct 6, 2016, 5:00 AM
Member of Parliament’s opposition car exploded in Tbilist capital of Georgia
Oct 5, 2016, 2:52 PM
US Government Cuts Cord On Internet Oversight
Oct 3, 2016, 10:34 AM
Are farm children less likely to have allergies and asthma in adulthood?
Sep 30, 2016, 5:00 AM
More Blog Posts
Copyright 2016 DailyTech LLC. -
Terms, Conditions & Privacy Information