Technology content trusted in North America and globally since 1999
8,565 Reviews & Articles | 66,668 News Posts

Another iOS security flaw found, allows apps to track your keystrokes

Security firm FirmEye found that iOS does not have any safeguard against malicious apps that can record keystrokes and send information to a server

By: Roshan Ashraf Shaikh from Feb 26, 2014 @ 8:10 CST

Just a day after releasing a fix for authenticating SSL certificates, there's another security flaw found in iOS that's equally dangerous. It was recently found that iOS allows a malicious apps to keep a track on your keystrokes.


This flaw was found by a security firm called FirmEye. To prove that this flaw exists, the security firm uploaded a dummy app in Apple's app store. The dummy app was able to record touch and keystrokes when changing wallpaper, pressing buttons like home, volume up/down and TouchID buttons. The app then sent the records to a remote server. According to the security company, attackers can use these information for reconstructing every character that the victim uses to access any types of accounts.

It was also pointed out via FireEye's blog post that this exploit works even with the latest apple devices with iOS 7.0.4 non-jailbroken. It was also being found that the same vulnerability was in 6.1.x, 7.0.5 and 7.0.6 versions.


The fact should be noted by users that even though you shouldn't use any suspicious app, the app which records keystrokes and sends information to a remote server was downloaded from the app store. Also, as the security firm clearly said, attackers can mislead a victim to download and install such apps to track keystrokes.

Related Tags