Old Feb 25, 2014, 03:37 AM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Alleged iOS Security Flaw Enables Malicious Apps to Secretly Log User Touch Inputs




Researchers from security firm FireEye have revealed a new bug in iOS that enables a malicious app to monitor and log a user's touch inputs and button uses while running in the background, reports Ars Technica. The exploit reportedly targets a flaw in iOS' multitasking capabilities to capture user inputs, and allows for them to be sent to a remote server.
To demonstrate the flaw, the researchers created a proof-of-concept monitoring app and developed approaches to "bypass" Apple's App Store Review process effectively. Once the app was installed on an iOS device, actions including keyboard inputs, use of the volume, home, and power buttons, screen touches with exact coordinates, and Touch ID events were all captured. The researchers also noted that disabling iOS 7's "Background App Refresh" setting would not disable a malicious app from logging data, as the only present solution to the problem is to manually remove apps from the task switcher.

FireEye also spoke about the flaw being identified in current versions of iOS:
Quote:
Note that the demo exploits the latest 7.0.4 version of iOS system on a non-jailbroken iPhone 5s device successfully. We have verified that the same vulnerability also exists in iOS versions 7.0.5, 7.0.6 and 6.1.x. Based on the findings, potential attackers can either use phishing to mislead the victim to install a malicious/vulnerable app or exploit another remote vulnerability of some app, and then conduct background monitoring.
The group added that it is actively working with Apple on the issue, although the company has yet to comment publicly. The news comes less than a week after Apple issued iOS 7.0.6 in response to an SSL vulnerability that allowed a hacker to capture or modify data from Safari in supposedly secure sessions.

The SSL security bug was also found to be present in OS X, as new research over the weekend revealed that additional apps such as FaceTime and iMessage could be compromised. Apple confirmed to Reuters that it will issue an OS X software update "very soon" to patch the bug.

Article Link: Alleged iOS Security Flaw Enables Malicious Apps to Secretly Log User Touch Inputs
MacRumors is offline   0 Reply With Quote
Old Feb 25, 2014, 03:38 AM   #2
Creep89
macrumors regular
 
Join Date: Mar 2012
Wow.. Apple.. Much secure
Creep89 is offline   12 Reply With Quote
Old Feb 25, 2014, 03:39 AM   #3
H2SO4
macrumors 65816
 
Join Date: Nov 2008
Quote:
Originally Posted by MacRumors View Post
S: The group added that they are actively working with Apple to fix the issue, as the company has yet to respond.
Business as usual then......
__________________
MP1,1. 30"ACD. 11GB
H2SO4 is offline   15 Reply With Quote
Old Feb 25, 2014, 03:47 AM   #4
Asclepio
macrumors 6502
 
Join Date: Jul 2011
welcome to the new microsoft.
Asclepio is offline   34 Reply With Quote
Old Feb 25, 2014, 03:48 AM   #5
AndrewMRiv
macrumors regular
 
Join Date: Oct 2013
Quote:
Originally Posted by Asclepio View Post
welcome to the new microsoft.
This is a sad day.
__________________
iMac 27" Late 2013 MacBook Pro 13" w Retina 2013 iPhone 5c Blue iPad Mini 1 White
---
My Apple Blog: andrewmriv.com/category/apple
AndrewMRiv is offline   6 Reply With Quote
Old Feb 25, 2014, 03:49 AM   #6
Macman45
macrumors G5
 
Join Date: Jul 2011
Location: Somewhere Back In The Long Ago
What would actually be useful here is for somebody to tell us WHICH apps are to blame here.
__________________
Thats Not All Folks
Macman45 is offline   3 Reply With Quote
Old Feb 25, 2014, 03:54 AM   #7
H2SO4
macrumors 65816
 
Join Date: Nov 2008
Quote:
Originally Posted by Macman45 View Post
What would actually be useful here is for somebody to tell us WHICH apps are to blame here.
See my post above, number 3.
__________________
MP1,1. 30"ACD. 11GB
H2SO4 is offline   1 Reply With Quote
Old Feb 25, 2014, 03:55 AM   #8
Merode
macrumors 6502
 
Join Date: Nov 2013
Location: Warszawa, PL
Another day, another loophole.
Merode is offline   6 Reply With Quote
Old Feb 25, 2014, 03:59 AM   #9
Mr. Retrofire
macrumors 601
 
Join Date: Mar 2010
Location: www.emiliana.cl
The NSA can do the same (and more) via special software on the SIM or flash memory. They call it DROPOUTJEEP and GOPHERSET.



__________________

“Only the dead have seen the end of the war.”
-- Plato --
Mr. Retrofire is offline   11 Reply With Quote
Old Feb 25, 2014, 04:04 AM   #10
yjchua95
macrumors 68040
 
Join Date: Apr 2011
Location: Queenstown, NZ and Melbourne, VIC, Australia (current location)
Yet another NSA techie is going to slam his head into the wall while saying "****! They found yet another loophole that I inserted!"
__________________
2 13" late-2013 rMBPs (base+maxed), maxed late-2013 rMBP 15", maxed early-2011 15", 2010 17", 2 maxed Haswell iMacs (21.5" and 27"), maxed 2012 mini, 2 12-core nMPs, maxed 2013 13" MBA
yjchua95 is offline   10 Reply With Quote
Old Feb 25, 2014, 04:08 AM   #11
Zxxv
macrumors 68000
 
Join Date: Nov 2011
Location: UK
Quote:
Originally Posted by MacRumors View Post
The researchers also noted that disabling iOS 7's "Background App Refresh" setting would not disable a malicious app from logging data, as the only present solution to the problem is to manually remove apps from the task switcher.
those people closing all their apps don't look so silly after all
Zxxv is offline   19 Reply With Quote
Old Feb 25, 2014, 04:10 AM   #12
macs4nw
macrumors 68020
 
Join Date: Sep 2010
Location: On Safari…..
It's maddening that all this crap happens in the background, without the user's knowledge.
__________________
Due to my aversion to bragging and clichés, no words of wisdom to be found on this line.....
macs4nw is offline   6 Reply With Quote
Old Feb 25, 2014, 04:17 AM   #13
iZac
macrumors 65816
 
Join Date: Apr 2003
Location: Shanghai
This better not be lurking away in GBA4iOS!!!
__________________
Robert Goulden
http://www.robgoulden.com
iZac is offline   8 Reply With Quote
Old Feb 25, 2014, 04:23 AM   #14
Macman45
macrumors G5
 
Join Date: Jul 2011
Location: Somewhere Back In The Long Ago
Quote:
Originally Posted by H2SO4 View Post
See my post above, number 3.
Yep, but I bet we don't get a response...They'll just release yet another patch...I'm pretty conservative when it comes to Apps, but I do have SSH installed on phone and iPad....I may remove them for now.
__________________
Thats Not All Folks
Macman45 is offline   0 Reply With Quote
Old Feb 25, 2014, 04:23 AM   #15
GreyMatta
macrumors regular
 
Join Date: Jul 2007
Location: England
Quote:
Originally Posted by iZac View Post
This better not be lurking away in GBA4iOS!!!
I thought the exact same thing
__________________
15" rMBP - 27" TBD - 2 x MacMini - 4S
GreyMatta is offline   2 Reply With Quote
Old Feb 25, 2014, 04:36 AM   #16
ChromeCloud
macrumors newbie
 
Join Date: Jun 2009
Location: Italy
How is this even remotely considered a security issue?

Yes, every touch is logged, but none of the logs carry any semantic information about the touches.

What those guys have just demonstrated is of no use to an actual hacker. It would be like tapping a phone line and then only be able to know how many calls are placed each day.
ChromeCloud is offline   3 Reply With Quote
Old Feb 25, 2014, 04:36 AM   #17
ChazUK
macrumors 603
 
Join Date: Feb 2008
Location: Essex (UK)
Be safe out there....
__________________
Windows 8 Desktop | iPhone 4s | iPad 2 | Nexus 5 | Nexus 7
ChazUK is offline   2 Reply With Quote
Old Feb 25, 2014, 04:40 AM   #18
Swift
macrumors 65816
 
Join Date: Feb 2003
Location: Los Angeles
Strange Cast of Characters

You know, "DropOutJeep" is a targeted action. It's somebody whose iPhone they want to hear. Does it change anything for you to realize that it will be used to find out things that the United States is better off knowing? Look at it. It is not for a large audience, nor would they ever get this information from Joe Blow. They want somebody who knows something, whose phone is very liable to contain some very useful information. Not peeking on somebody's girlfriend. Reading his e-mails to the Defense Minister of Country X.

Yeah, I know, "he who trades his freedom for security" and all that. But what about the guy who is so high-minded that the future goes all to hell?

Of all the kinds of military and state activity, I'm for cutting back the military to something more like "defense." I'm for the CIA stopping torture, not making military plans like Iraq; our intelligence services should have rules of engagement in foreign countries and with foreign nationals.

But I look at information intelligence as the name of the game. If we can figure out what the Iranians are likely going to do about their nuclear program, we can make our policies fit reality. We wouldn't need signals intelligence if everybody told us exactly what they were up to. But they don't. People lie and hide and plan secret attacks.
Swift is offline   3 Reply With Quote
Old Feb 25, 2014, 04:41 AM   #19
Gymgenius
macrumors regular
 
Join Date: Jan 2010
Quote:
Originally Posted by ChromeCloud View Post
How is this even remotely considered a security issue?

Yes, every touch is logged, but none of the logs carry any semantic information about the touches.

What those guys have just demonstrated is of no use to an actual hacker. It would be like tapping a phone line and then only be able to know how many calls are placed each day.
You sure?
The fact that x and y co-ordinates of each touch or release event are captured could be used as a key-logger once the boundaries of each key on the soft keyboard have been worked out.
Gymgenius is offline   18 Reply With Quote
Old Feb 25, 2014, 04:42 AM   #20
Creep89
macrumors regular
 
Join Date: Mar 2012
Quote:
Originally Posted by ChromeCloud View Post
How is this even remotely considered a security issue?

Yes, every touch is logged, but none of the logs carry any semantic information about the touches.

What those guys have just demonstrated is of no use to an actual hacker. It would be like tapping a phone line and then only be able to know how many calls are placed each day.
If you know the exact coordinates you can simply overlay the iOS Keyboard and extract everything the user typed in, including passwords, logins or other personal information. But yeah, no security issue here. LOL.
Creep89 is offline   24 Reply With Quote
Old Feb 25, 2014, 04:43 AM   #21
macdoofus
macrumors member
 
Join Date: Jun 2009
Don't know but isn't this more about the laziness and chutzpah to pass over it? Who is this company now? (I may be late to the party)
__________________
5s, AirPad, iMac, 5Pod, 3Pod
macdoofus is offline   0 Reply With Quote
Old Feb 25, 2014, 04:46 AM   #22
Swift
macrumors 65816
 
Join Date: Feb 2003
Location: Los Angeles
Quote:
Originally Posted by ChromeCloud View Post
How is this even remotely considered a security issue?

Yes, every touch is logged, but none of the logs carry any semantic information about the touches.

What those guys have just demonstrated is of no use to an actual hacker. It would be like tapping a phone line and then only be able to know how many calls are placed each day.
Yeah, all intrusions are in CAPITAL LETTERS and must be happening ALL the time to all of us. Now, there are no "<textbutton>" tags or anything giving us a location. A specific app? If you had that you could probably tease out the meaning. Match the geometry of the locations to the buttons on the app. You'd need a better log than this, I'll be thinking.
Swift is offline   0 Reply With Quote
Old Feb 25, 2014, 04:48 AM   #23
ChromeCloud
macrumors newbie
 
Join Date: Jun 2009
Location: Italy
Quote:
Originally Posted by Gymgenius View Post
You sure?
The fact that x and y co-ordinates of each touch or release event are captured could be used as a key-logger once the boundaries of each key on the soft keyboard have been worked out.
You're right, you could probably search the logs for chains of touch inputs that belong to the area of the screen where the soft keyboard is found and then map the touches on the characters...

You'd probably get some false positives but you might be able to extract some real information as well. I see it now, thanks.
ChromeCloud is offline   4 Reply With Quote
Old Feb 25, 2014, 04:54 AM   #24
Swift
macrumors 65816
 
Join Date: Feb 2003
Location: Los Angeles
I like this part

Drop Out Jeep is from 2007. Around the iPhone launch. They said it would cost nothing. That they were only able to put the spyware on the phone if they got hands on it, though they were working to make a "remote install". Ring, ring.
Swift is offline   4 Reply With Quote
Old Feb 25, 2014, 04:55 AM   #25
Infinus.gold
macrumors regular
 
Join Date: Jan 2014
I am happy with the bug.
I am a very common person...
My needs and data are stupid and nothing secret is left.
...
Take your time and make it better
Infinus.gold is offline   1 Reply With Quote

All times are GMT -5. The time now is 09:15 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC