Technology Stocks : Apple Inc.
From: sylvester802/27/2014 9:27:18 AM
 
iOS 7 has dangerous keylogging vulnerability
By Brian Fagioli. Published 2 days ago
betanews.com
When it rains, it pours. Sadly for Apple, it seems the company just cannot catch a break. Most recently, a nasty SSL bug was discovered in both iOS and OS X, which potentially enabled man-in-the-middle attacks and lessened security. While iOS was patched pretty quickly, OS X was not patched until earlier today.

While that alone is enough to damage a company's reputation on security, yet another Apple vulnerability has surfaced today. Security firm FireEye has discovered a keylogging-like bug in iOS 7, which could allow evil-doers to track all touchscreen and button presses.

"Background monitoring mobile applications has become a hot topic on mobile devices. Existing reports show that such monitoring can be conducted on jailbroken iOS devices. FireEye mobile security researchers have discovered such vulnerability, and found approaches to bypass Apple's app review process effectively and exploit non-jailbroken iOS 7 successfully. We have been collaborating with Apple on this issue", says FireEye.

The security firm further explains, "we have created a proof-of-concept 'monitoring' app on non-jailbroken iOS 7.0.x devices. This 'monitoring' app can record all the user touch/press events in the background, including, touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server [...] Potential attackers can use such information to reconstruct every character the victim inputs".

Sadly, this bug even affects the recently released 7.0.6, which patched the SSL bug. The security firm is already working with Apple, so 7.1 will likely fix this vulnerability. However, users shouldn't be forced to wait that long -- 7.1 does not even have a definitive date yet. Hopefully Apple can get a patch out quicker.

In the interim, FireEye suggests closing all unnecessary apps by double tapping the home button and swiping up to close them. Even if you trust the app or it serves a valid purpose, there is no telling if this malicious code could be hidden inside. In other words, by design, hackers could hide the code in something like Flappy Bird. Even though the game runs and functions, it could be tracking you too.