Bad Apples are everywhere...

Last night, security researchers at FireEye released a security bulletin identifying a flaw in iOS 7. This hack, which monitors all touches the user makes, enables tracking of TouchID presses, all key presses, home button presses and volume control presses. It is yet another vulnerability in Apple software: a flaw identified a few days ago enabled hackers to bypass the encryption in many browsers and apps, allowing eavesdropping on passwords and other critical data. While this previous flaw has been patched for mobile, as there are infinitely more mobile users of Apple's products than OS X device users, the OS X flaw is STILL UNFIXED.


FireEye explains the flaw in detail: "We have created a proof-of-concept "monitoring" app on non-jailbroken iOS 7.0.x devices. This “monitoring” app can record all the user touch/press events in the background, including touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server, as shown in Fig.1. Potential attackers can use such information to reconstruct every character the victim inputs.

Note that the demo exploits the latest 7.0.4 version of iOS system on a non-jailbroken iPhone 5s device successfully. We have verified that the same vulnerability also exists in iOS versions 7.0.5, 7.0.6 and 6.1.x. Based on the findings, potential attackers can either use phishing to mislead the victim to install a malicious/vulnerable app or exploit another remote vulnerability of some app, and then conduct background monitoring. 

iOS7 provides settings for "background app refresh". Disabling unnecessary app's background refreshing contributes to preventing the potential background monitoring. However, it can be bypassed. For example, an app can play music in the background without turning on its "background app refresh" switch. Thus a malicious app can disguise itself as a music app to conduct background monitoring.

Before Apple fixes this issue, the only way for iOS users to avoid this security risk is to use the iOS task manager to stop the apps from running in the background to prevent potential background monitoring. iOS7 users can press the Home button twice to enter the task manager and see preview screens of apps opened, and then swipe an app up and out of preview to disable unnecessary or suspicious applications running in the background, as shown in Fig.3.

We conducted this research independently before we were aware of this recent report. We hope this blog could help users understand and mitigate this threat further."

This series of exploits of flaws in Apple software has sent the Apple user community into an uproar, as Apple, with its minute market share in the computer market, was thought by many of its users to be impervious to hacks. Now that its user base is growing, we are seeing more opportunity for hackers to create problems. It is important that Apple get ahead of these problems quickly to maintain user confidence.
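For anyone vetting an app inventory, the background-audio bypass described in the FireEye excerpt can be checked for by reading each app's Info.plist and flagging apps that declare `audio` under `UIBackgroundModes` without being expected to play audio. This is an added example, not code from FireEye or Apple; the bundle IDs, the allowlist and the sample plists are constructed for illustration.

```python
import plistlib

# Per the excerpt: background audio keeps an app running even when its
# "background app refresh" switch is off. Extend this set only with modes
# you have verified behave the same way.
REFRESH_INDEPENDENT_MODES = {"audio"}

# Hypothetical allowlist of apps that are expected to play audio.
EXPECTED_AUDIO_APPS = {"com.example.musicplayer"}


def make_plist(bundle_id, modes=None):
    """Build a constructed Info.plist (XML bytes) for the demo below."""
    info = {"CFBundleIdentifier": bundle_id}
    if modes is not None:
        info["UIBackgroundModes"] = modes
    return plistlib.dumps(info)


def audit_info_plist(raw):
    """Return (bundle_id, verdict, risky_modes) for one Info.plist blob."""
    try:
        info = plistlib.loads(raw)
    except Exception:  # malformed or truncated plist: send to manual review
        return ("<unparseable>", "review", [])
    if not isinstance(info, dict):
        return ("<unparseable>", "review", [])
    bundle_id = info.get("CFBundleIdentifier", "<missing>")
    declared = info.get("UIBackgroundModes", [])
    if not isinstance(declared, list):
        return (bundle_id, "review", [])
    risky = sorted({m for m in declared if isinstance(m, str)}
                   & REFRESH_INDEPENDENT_MODES)
    if not risky:
        return (bundle_id, "ok", [])
    verdict = "expected" if bundle_id in EXPECTED_AUDIO_APPS else "flag"
    return (bundle_id, verdict, risky)


# Constructed sample inventory; none of these are real apps.
SAMPLES = [
    make_plist("com.example.musicplayer", ["audio"]),
    make_plist("com.example.flashlight", ["audio", "fetch"]),
    make_plist("com.example.notes"),
    b"not a plist",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(audit_info_plist(raw))
```

A "flag" verdict only means the app can stay alive in the background regardless of the refresh switch; it is a prompt for review, not proof of monitoring.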