Tuesday, 25 February 2014

Beware: a security hole in non-jailbroken iOS devices allows apps to "keylog" you


Beware: a security hole in non-jailbroken iOS devices allows apps to "keylog" you
 It seems that a new breach in iOS allows malicious apps to "sniff" and record touch input, as well as key press events, enabling wrongdoers to take advantage of a user's valuable information. According to FireEye,a network security company that discovered the flaw, even non-jailbroken iOS mobile devices are sucseptible to this security threat, even these that run the latest version of the platform – 7.0.4, 7.0.5, 7.0.6.
FireEye explains that they have developed a "monitoring app", which takes advantage of both the multitasking and the "background app refresh" features of iOS. Once started, the app disguises itself as, say, a music app. This prevents the system from suspending the malicious software, which collects all user events and sends them to a remote server.

Fortunately, users can thwart any event monitoring by opening the iOS task manager and manually closing any suspicious apps that are running on their device. FireEye also claims that it's cooperating with Apple on the issue.




 
source: FireEye via AppleInsider

No comments:

Post a Comment