iPhone/iPad Keyloggers Demoed by FireEye

Apple is just not having a great week on the security front, are they?

Just a few days after a massive SSL/TLS encryption scandal hit the newsstands, ArsTechnica is reporting that they had spotted a major flaw in the iOS architecture which allows rudimentary keyloggers and screengrabbers to operate incognito on our iPhones and iPads without the average user becoming any the wiser.

Increasingly famous security outfit FireEye has apparently developed a proof-of-concept app which is fully functional as a background app both on jailbroken and non-jailbroken devices. The code enabled engineers at the firm to covertly install and run a keylogging application which could, in theory, be distributed to phones all over the world via a corrupted contribution to the App Store.

“We have created a proof-of-concept “monitoring” app on non-jailbroken iOS 7.0.x devices. This “monitoring” app can record all the user touch/press events in the background, including, touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server, as shown in Fig.1. Potential attackers can use such information to reconstruct every character the victim inputs.”

By exploiting the same function that allows programs like Pandora and Spotify to continue playing music outside of the normal parameters of a “background program”, researchers were able to sneak an instruction that secretly recorded and reported all the activity on the phone back to a server hidden behind standard proxy tactics.

FireEye

Dubbed “TheBackgrounder” (seen above), the program was able to freely access the homescreen, and any app that was opened by an external input. Researchers originally claimed their design was only able to exploit the most recent 7.0.4 build of iOS on an iPhone 5s, but added shortly after that the threat does in fact exist on all current distributions of the mobile operating system.

For now, the only potential fix FireEye could suggest is to keep a close eye on the apps that are running in your phone at all times, and regularly check the task manager to be sure nothing has been launched or initiated without your permission first.