
Jsameds

Suspended
Apr 22, 2008
3,525
7,987
Well it's certainly bad news that the exploit is there, but on the up shot at least it's now known and will be fixed promptly.
 

Reason077

macrumors 68040
Aug 14, 2007
3,608
3,647
How is this even remotely considered a security issue?

Yes, every touch is logged, but none of the logs carry any semantic information about the touches.

You can infer some semantics based on the fixed screen positions of UI elements.

For example, the keyboard is always at the same position on the screen, so it would be possible to reconstruct any data entered like usernames & passwords, SMS messages, etc. Same goes for the dialer and passcode keypads.
 

H2SO4

macrumors 603
Nov 4, 2008
5,652
6,938
Yep, but I bet we don't get a response...They'll just release yet another patch...I'm pretty conservative when it comes to Apps, but I do have SSH installed on phone and iPad....I may remove them for now.

Of course we won't get a response.
I love Apple products but the business model that forces software and hardware into obsolescence is one negative and this keeping schtum on security is what's most maddening.

The hardware and software I can find almost 100% functional workarounds for with the help of forums like this so the problem is mitigated somewhat. (MP 1,1 running ML for instance). But the Security things leave you in the dark and feeling vulnerable.
 

2457282

Suspended
Dec 6, 2012
3,327
3,015
Now we know what flappy bird was really doing....

Obviously Apple needs to fix this. In the meantime, let's close all our background Apps and think about cleaning up all the less reputable Apps that we have installed. And let's remember that just because the App Store is curated by Apple, it does not mean that somewhere a malicious App can't sneak its way in.
 

Roller

macrumors 68030
Jun 25, 2003
2,887
2,039
Of course we won't get a response.
I love Apple products but the business model that forces software and hardware into obsolescence is one negative and this keeping schtum on security is what's most maddening.

The hardware and software I can find almost 100% functional workarounds for with the help of forums like this so the problem is mitigated somewhat. (MP 1,1 running ML for instance). But the Security things leave you in the dark and feeling vulnerable.

The only response I care about is the quick release of a patch to fix the vulnerability that doesn't require waiting for the next iOS upgrade. Other than that, the only response Apple could give would be to acknowledge the security hole, say that they're working on it, and provide a temporary workaround. In this case, the workaround is to disable "questionable" apps running in the background, which might cause more confusion than good.

For better or worse, iOS is going to be a target, and Apple will just have to do its best to stay ahead of the game when it can and release patches rapidly when vulnerabilities come to light.
 

Jambalaya

macrumors 6502a
Jun 21, 2013
714
151
UK
How is this even remotely considered a security issue?

Yes, every touch is logged, but none of the logs carry any semantic information about the touches.

What those guys have just demonstrated is of no use to an actual hacker. It would be like tapping a phone line and then only be able to know how many calls are placed each day.
My thoughts exactly.

----------

I thought the iPhone didn't have multitasking... I heard it so many times in here.
It didn't use to, a type of multi-tasking, background updates etc, was added (in iOS7?). That's my understanding anyway.
 

rbgb

macrumors newbie
Sep 16, 2006
6
2
welcome to the new microsoft.

It's inevitable that more and more security bugs will start to be discovered now that iOS usage is at a significant level (which apple has not had previously).

In my view apple should be more communicative about the security issues - it does not really help keeping it quiet. I don't think it will ever be as bad as the microsoft saga in 2004 but they may need to have a bit of a security purge over the next few months.
 

Crunch

macrumors 6502a
Jun 26, 2008
701
76
Crazy L.A.
Of all the kinds of military and state activity, I'm for cutting back the military to something more like "defense." I'm for the CIA stopping torture, not making military plans like Iraq; our intelligence services should have rules of engagement in foreign countries and with foreign nationals.

Oh c'mon, how is our country supposed to make money in this era where the military industrial complex is running on all cylinders? Those RPGs don't exactly launch themselves, yo.
 

M-O

macrumors 6502a
Mar 15, 2011
502
0
I'm more angry that this is probably reducing my battery life than it is logging my touch inputs.
 

gri

macrumors 6502a
Jul 17, 2004
841
175
New York City, aka Big Apple
Security

So, we are told basically do not go into any non-trusted wifi, e.g. Airport or hotel. I am traveling in a few days so what do I do? Can anyone more versed than me tell me? VPN? Use iPhone as router so it's not using the totally accessible wifi?
 

furi0usbee

macrumors 68000
Jul 11, 2008
1,790
1,382
Repost from that other security article... same message

If Apple (and all companies) don't work with independent, third party security firms, this is one reason why they should. Increasingly we are putting our most private information in the cloud and transmitting it daily. Apple needs to step up and have their systems/software tested/hacked by firms which they hire so these issues can be found out before mass release. Some of the stuff that has gotten by Apple in the past was pretty crazy how it wasn't caught. Some stuff has little impact in day to day use. This one is big however.
 

subsonix

macrumors 68040
Feb 2, 2008
3,551
79
If Apple (and all companies) don't work with independent, third party security firms, this is one reason why they should. Increasingly we are putting our most private information in the cloud and transmitting it daily. Apple needs to step up and have their systems/software tested/hacked by firms which they hire so these issues can be found out before mass release. Some of the stuff that has gotten by Apple in the past was pretty crazy how it wasn't caught. Some stuff has little impact in day to day use. This one is big however.

Well, you may have cut and pasted the message from the other thread, but it doesn't really apply here, at all. First of all, this is a "proof of concept" demo made by a security firm who is working with Apple to resolve the issue. It requires that a). someone else has discovered the same method, b). has managed to sneak it onto the Appstore. c). has managed to get their app popular enough for a lot of people to download and d). that you actually have installed this app yourself.
 

irnchriz

macrumors 65816
May 2, 2005
1,034
2
Scotland
Surely this is an issue that can be solved with better monitoring and testing of submitted apps to the app store? If you get all of your apps from the app store and Apple stop the malicious apps then you have nothing to worry about.
 

efktd

macrumors 6502a
Sep 29, 2011
566
677
USA
of course this story would be published the day samsung announces their touch id.
 

cdmoore74

macrumors 68020
Jun 24, 2010
2,413
711
If this was Android we would already be at 300 responses saying how bad Android/Google is. How does it feel now?
 

Parasprite

macrumors 68000
Mar 5, 2013
1,698
144
Business as usual then......

It sounds like they submitted a bug report...

Hopefully engineering has everything they need, otherwise this might be a while. :rolleyes:

----------

Well, you may have cut and pasted the message from the other thread, but it doesn't really apply here, at all. First of all, this is a "proof of concept" demo made by a security firm who is working with Apple to resolve the issue. It requires that a). someone else has discovered the same method, b). has managed to sneak it onto the Appstore. c). has managed to get their app popular enough for a lot of people to download and d). that you actually have installed this app yourself.

*closes flappy bird...*
 