TweakTown

Another iOS security flaw found, allows apps to track your keystrokes

Security firm FirmEye found that iOS does not have any safeguard against malicious apps that can record keystrokes and send information to a server.

Published Wed, Feb 26 2014 8:10 AM CST   |   Updated Sat, Aug 8 2020 10:29 AM CDT

Just a day after releasing a fix for authenticating SSL certificates, there's another security flaw found in iOS that's equally dangerous. It was recently found that iOS allows a malicious apps to keep a track on your keystrokes.

Another iOS security flaw found, allows apps to track your keystrokes 1 | TweakTown.com
VIEW GALLERY - 2 IMAGES

This flaw was found by a security firm called FirmEye. To prove that this flaw exists, the security firm uploaded a dummy app in Apple's app store. The dummy app was able to record touch and keystrokes when changing wallpaper, pressing buttons like home, volume up/down and TouchID buttons. The app then sent the records to a remote server. According to the security company, attackers can use these information for reconstructing every character that the victim uses to access any types of accounts.

It was also pointed out via FireEye's blog post that this exploit works even with the latest apple devices with iOS 7.0.4 non-jailbroken. It was also being found that the same vulnerability was in 6.1.x, 7.0.5 and 7.0.6 versions.

Another iOS security flaw found, allows apps to track your keystrokes 2 | TweakTown.com

The fact should be noted by users that even though you shouldn't use any suspicious app, the app which records keystrokes and sends information to a remote server was downloaded from the app store. Also, as the security firm clearly said, attackers can mislead a victim to download and install such apps to track keystrokes.

After being a long time PC enthusiast and a former contributor for many Indian based PC and Tech forums, Roshan now joins TweakTown covering tech news and also any developments from India. Like many enthusiasts, with years of being involved in many Indian tech forums and running his own tech site, he's commonly referred by his forum nickname 'The Sorcerer' by many old and new fellow PC enthusiasts, followed by few companies from time to time. He's also the winner of the TweakTown's Computex 2012 Taipei trip. If any free time is left, Roshan prefers to play FPS games.

Related Tags

Newsletter Subscription

Latest News

View More News

Latest Reviews

View More Reviews

Latest Articles

View More Articles