Alleged iOS Security Flaw Enables Malicious Apps to Secretly Log User Touch Inputs

MacRumors · Feb 25, 2014

Researchers from security firm FireEye have revealed a new bug in iOS that enables a malicious app to monitor and log a user's touch inputs and button uses while running in the background, reports Ars Technica. The exploit reportedly targets a flaw in iOS' multitasking capabilities to capture user inputs, and allows for them to be sent to a remote server.

To demonstrate the flaw, the researchers created a proof-of-concept monitoring app and developed approaches to "bypass" Apple's App Store Review process effectively. Once the app was installed on an iOS device, actions including keyboard inputs, use of the volume, home, and power buttons, screen touches with exact coordinates, and Touch ID events were all captured. The researchers also noted that disabling iOS 7's "Background App Refresh" setting would not disable a malicious app from logging data, as the only present solution to the problem is to manually remove apps from the task switcher.

FireEye also spoke about the flaw being identified in current versions of iOS:

Note that the demo exploits the latest 7.0.4 version of iOS system on a non-jailbroken iPhone 5s device successfully. We have verified that the same vulnerability also exists in iOS versions 7.0.5, 7.0.6 and 6.1.x. Based on the findings, potential attackers can either use phishing to mislead the victim to install a malicious/vulnerable app or exploit another remote vulnerability of some app, and then conduct background monitoring.

The group added that it is actively working with Apple on the issue, although the company has yet to comment publicly. The news comes less than a week after Apple issued iOS 7.0.6 in response to a SSL vulnerability that allowed a hacker to capture or modify data from Safari in supposedly secure sessions.

The SSL security bug was also found to be present in OS X, as new research over the weekend revealed that additional apps such as FaceTime and iMessage could be compromised. Apple confirmed to Reuters that it will issue an OS X software update "very soon" to patch the bug.

Article Link: Alleged iOS Security Flaw Enables Malicious Apps to Secretly Log User Touch Inputs

Creep89 · Feb 25, 2014

Wow.. Apple.. Much secure

H2SO4 · Feb 25, 2014

MacRumors said:
S: The group added that they are actively working with Apple to fix the issue, as the company has yet to respond.

Business as usual then......

Asclepio · Feb 25, 2014

welcome to the new microsoft.

AndrewMRiv · Feb 25, 2014

Asclepio said:
welcome to the new microsoft.

This is a sad day.

Macman45 · Feb 25, 2014

What would actually be useful here is for somebody to tell us WHICH apps are to blame here.

H2SO4 · Feb 25, 2014

Macman45 said:
What would actually be useful here is for somebody to tell us WHICH apps are to blame here.

See my post above, number 3.

Merode · Feb 25, 2014

Another day, another loophole.

Mr. Retrofire · Feb 25, 2014

The NSA can do the same (and more) via special software on the SIM or flash memory. They call it DROPOUTJEEP and GOPHERSET.

yjchua95 · Feb 25, 2014

Yet another NSA techie is going to slam his head into the wall while saying "****! They found yet another loophole that I inserted!"

Zxxv · Feb 25, 2014

MacRumors said:
The researchers also noted that disabling iOS 7's "Background App Refresh" setting would not disable a malicious app from logging data, as the only present solution to the problem is to manually remove apps from the task switcher.

those people closing all their apps don't look so silly after all

macs4nw · Feb 25, 2014

It's maddening that all this crap happens in the background, without the users knowledge.

iZac · Feb 25, 2014

This better not be lurking away in GBA4iOS!!!

Macman45 · Feb 25, 2014

H2SO4 said:
See my post above, number 3.

Yep, but I bet we don't get a response...They'll just release yet another patch...I'm pretty conservative when it comes to Apps, but I do have SSH installed on phone and iPad....I may remove them for now.

GreyMatta · Feb 25, 2014

iZac said:
This better not be lurking away in GBA4iOS!!!

I thought the exact same thing

ChromeCloud · Feb 25, 2014

How is this even remotely considered a security issue?

Yes, every touch is logged, but none of the logs carry any semantic information about the touches.

What those guys have just demonstrated is of no use to an actual hacker. It would be like tapping a phone line and then only be able to know how many calls are placed each day.

ChazUK · Feb 25, 2014

Be safe out there....

Swift · Feb 25, 2014

Strange Cast of Characters

You know, "DropOutJeep" is a targeted action. It's somebody whose iPhone they want to hear. Does it change anything for you to realize that it will be used to find out things that the United States is better off knowing? Look at it. It is not for a large audience, nor would they ever get this information from Joe Blow. They want somebody who knows something, whose phone is very liable to contain some very useful information. Not peeking on somebody's girlfriend. Reading his e-mails to the Defense Minister of Country X.

Yeah, I know, "he who trades his freedom for security" and all that. But what about the guy who is so high-minded that the future goes all to hell?

Of all the kinds of military and state activity, I'm for cutting back the military to something more like "defense." I'm for the CIA stopping torture, not making military plans like Iraq; our intelligence services should have rules of engagement in foreign countries and with foreign nationals.

But I look at information intelligence as the name of the game. If we can figure out what the Iranians are likely going to do about their nuclear program, we can make our policies fit reality. We wouldn't need signals intelligence if everybody told us exactly what they were up to. But they don't. People lie and hide and plan secret attacks.

Gymgenius · Feb 25, 2014

ChromeCloud said:
How is this even remotely considered a security issue?

Yes, every touch is logged, but none of the logs carry any semantic information about the touches.

What those guys have just demonstrated is of no use to an actual hacker. It would be like tapping a phone line and then only be able to know how many calls are placed each day.

You sure?
The fact that x and y co-ordinates of each touch or release event is captured, could be used as a key-logger once the boundries of each key on the soft keyboard have been worked out.

Creep89 · Feb 25, 2014

ChromeCloud said:
How is this even remotely considered a security issue?

Yes, every touch is logged, but none of the logs carry any semantic information about the touches.

What those guys have just demonstrated is of no use to an actual hacker. It would be like tapping a phone line and then only be able to know how many calls are placed each day.

If you know the exact coordinates you can simply overlay the iOS Keyboard and extract everything the user typed in, including passwords, logins or other personal information.

But yeah, no security issue here. LOL.

macdoofus · Feb 25, 2014

Don't know but isn't this more about the laziness and hootzpah to pass over it? Who is this company now? (I may be late to the party)

Swift · Feb 25, 2014

ChromeCloud said:
How is this even remotely considered a security issue?

Yes, every touch is logged, but none of the logs carry any semantic information about the touches.

What those guys have just demonstrated is of no use to an actual hacker. It would be like tapping a phone line and then only be able to know how many calls are placed each day.

Yeah, all intrusions are in CAPITAL LETTERS and must be happening ALL the time to all of us. Now, there is no "<textbutton> tags or anything giving us a location. A specific app? If you had that you could probably tease out the meaning. Match the geometry of the locations to the buttons on the app. You'd need a better log that this, I'll be thinking.

ChromeCloud · Feb 25, 2014

Gymgenius said:
You sure?
The fact that x and y co-ordinates of each touch or release event is captured, could be used as a key-logger once the boundries of each key on the soft keyboard have been worked out.

You're right, you could probably search the logs for chains of touch inputs that belong to the area of the screen where the soft keyboard is found and then map the touches on the characters...

You'd probably get some false positives but you might be able to extract some real information as well. I see it now, thanks.

Swift · Feb 25, 2014

I like this part

Drop Out Jeep is from 2007. Around the iPhone launch. They said it would cost nothing. That they were only able to put the spyware on the phone if they got hands on it , though they were working to make a "remote install". Ring, ring.

Infinus.gold · Feb 25, 2014

I am happy with the bug.
I am very common person...
My needs and data is stupid and nothing secret left.
...
Take your time and make it better

Alleged iOS Security Flaw Enables Malicious Apps to Secretly Log User Touch Inputs

macrumors bot

macrumors 6502

macrumors 603

macrumors 6502a

macrumors regular

macrumors G5

macrumors 603

macrumors 6502a

macrumors 603

macrumors 604

macrumors 68040

macrumors 601

macrumors 68030

macrumors G5

macrumors regular

macrumors 6502

macrumors 603

macrumors 68000

Suspended

macrumors 6502

macrumors member

macrumors 68000

macrumors 6502

macrumors 68000

macrumors regular

Our Staff