  • Newly-discovered iOS Exploit Could Let Background Apps Record User Actions


    Security researchers at FireEye have discovered that a developer with malicious intent can exploit iOS 7's multitasking feature so that an application running in the background can record the user's taps, home button presses, volume button presses, Touch ID uses, and more.

    Quote Originally Posted by FireEye
    We have created a proof-of-concept "monitoring" app on non-jailbroken iOS 7.0.x devices. This “monitoring” app can record all the user touch/press events in the background, including, touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server, as shown in Fig.1. Potential attackers can use such information to reconstruct every character the victim inputs.

    Note that the demo exploits the latest 7.0.4 version of iOS system on a non-jailbroken iPhone 5s device successfully. We have verified that the same vulnerability also exists in iOS versions 7.0.5, 7.0.6 and 6.1.x. Based on the findings, potential attackers can either use phishing to mislead the victim to install a malicious/vulnerable app or exploit another remote vulnerability of some app, and then conduct background monitoring.

    So, for example, you may have application A running with the ability to record everything you do on your iOS device, and you might close the application and open application B to check your e-mail. Application A is now in the background recording every tap you make in application B, and can then send everything you're doing on your iOS device to a remote server for someone with malicious intent to analyze. Application A doesn't need to be in the foreground to record your actions; it just needs to be open in the App Switcher.

    The firm was able to create an application that could do such a thing, and then managed to successfully submit it through Apple's App Store review process. In doing so, the researchers have demonstrated that any applications you might be using on your iOS device can record anything you might be doing on your iOS device, because clearly, Apple hasn't been checking to see if applications are doing this or not.

    FireEye notes that the issue is present in iOS 6.1.x, iOS 7.0.4, iOS 7.0.5, and iOS 7.0.6 (iOS 7.0.6 was just released a few days ago to fix a very nasty SSL connection verification bug), and a developer that knew what they were doing could completely bypass the "background app refresh" feature of iOS 7 whether it was enabled or not. The firm also claims that it is working closely with Apple in order to get the issue fixed in a future iOS update.

    The best way for you to prevent having all of your actions recorded, in the event that you download an application from the App Store that likes to record your actions in the background, is to make sure that you're always closing applications from the App Switcher when you're done using them. To do this in iOS 7, just double-press on the Home Button and then swipe up on the applications that you want to close.

    Sources: FireEye
    This article was originally published in forum thread: Newly-discovered iOS Multitasking Exploit Could Let Background Apps Record User Actions, started by Anthony Bouchard.
    15 Comments
      Abbaroc -
      Apple hasn't had a good week with security flaws. Should I update to 7.0.6 today or later?
      GuiltyGearIsaac -
      Quote Originally Posted by Abbaroc View Post
      Apple hasn't had a good week with security flaws. Should I update to 7.0.6 today or later?
      Pod2g himself said to update it.
      Co1d Night -
      Good thing I don't download a lot of apps.
      slim.jim -
      This could be true for any OS on any platform. That's the whole purpose of a key logger.
      gsmlover -
      Quote Originally Posted by slim.jim View Post
      This could be true for any OS on any platform. That's the whole purpose of a key logger.
      yes you are right
      mlee19841 -
      Here we go with another Apple iOS push out.
      steve-z17 -
      Great, another security flaw that needs to be fixed. Apple will probably patch it in 7.1 which can't be JB. I really hope that's not the case though.
      mlee19841 -
      Quote Originally Posted by steve-z17 View Post
      Great, another security flaw that needs to be fixed. Apple will probably patch it in 7.1 which can't be JB. I really hope that's not the case though.
      Most likely will be the case.
      PokemonDesigner -
      Quote Originally Posted by mlee19841 View Post
      Most likely will be the case.


      Most likely will.
      ThatOneProfile -
      1. Why post about the flaw publicly, why not submit the exploit to Apple directly and stop scaring the absolute crap out of people who don't know better.

      2. A photo doesn't prove anything, for all we know that data was being sent from a jailbroken device.

      3. The chances of an app like this making it on the app store are pretty much impossible, if Apple can reject an app for having the word "Flappy" I'm pretty sure they can detect background monitoring.
      Anthony Bouchard -
      Quote Originally Posted by ThatOneProfile View Post
      1. Why post about the flaw publicly, why not submit the exploit to Apple directly and stop scaring the absolute crap out of people who don't know better.
      Which, as we said in the post, is exactly what FireEye is doing. They are working with Apple to get it fixed.

      Quote Originally Posted by ThatOneProfile View Post
      2. A photo doesn't prove anything, for all we know that data was being sent from a jailbroken device.
      Take the photo as you will, we got it directly from the source (the firm) claiming that they have done what they say they have.

      Quote Originally Posted by ThatOneProfile View Post
      3. The chances of an app like this making it on the app store are pretty much impossible, if Apple can reject an app for having the word "Flappy" I'm pretty sure they can detect background monitoring.
      The firm claims that the application made it into the App Store.
      slim.jim -
      Quote Originally Posted by Anthony Bouchard View Post
      The firm claims that the application made it into the App Store.
      Yea, apps using private APIs make it through occasionally. Like those that allow screen recording. They are quickly pulled though once they are outed on places like Twitter and Reddit, or here.
      ThatOneProfile -
      Quote Originally Posted by slim.jim View Post
      Yea, apps using private APIs make it through occasionally. Like those that allow screen recording. They are quickly pulled though once they are outed on places like Twitter and Reddit, or here.
      Exactly. The likelihood of them submitting an app, seeing that their exploit works and pulling it right after WITH downloads is next to impossible. I doubt anyone has the same exploit and is making apps. Now that this exploit is public and Apple has knowledge of what specific methods of getting the app into the App Store are, they will reject apps accordingly.
      Anthony Bouchard -
      Quote Originally Posted by slim.jim View Post
      Yea, apps using private APIs make it through occasionally. Like those that allow screen recording. They are quickly pulled though once they are outed on places like Twitter and Reddit, or here.
      The big difference being that the name of the application the firm used for this testing was not publicly announced. So Apple has no hints as to what the application may be.

      And any third-party developers that use this exploit as a means of malicious intent certainly won't tell people, or blogs, about the feature. So that wouldn't be publicized. So Apple wouldn't have any tips about said application having the feature, and therefore wouldn't think twice about pulling it.

      With tethering apps, the developers tell blogs about the feature so that we write about it, so that people can grab the application before it's pulled.

      No one here is telling us that they've made an application to track your movements. If they were using the feature maliciously, why in the world would they? They would want the feature to be under the table where you and I can't see it. They would want to benefit from the malicious activity without being noticed.

      Does that make sense? This is in no way shape or form a comparison to a tethering app. The developers actually WANT you to know when the application lets you tether, because then you'll download it. When is the last time that a piece of software you downloaded from the Internet said, "HEY DOWNLOAD ME, I HAVE SPYWARE?" That would be an instant turn off. You wouldn't download it. So saying it had it contained would be the opposite of what the developer wanted.

      Luckily for everyone, it was an honest firm that found this problem, and not a hacker with malicious intent. So of course they publicized it this time. There are probably hundreds of other undiscovered exploits in iOS that malicious developers are already using and we don't even know about yet. That's something to really think about.
      slim.jim -
      Quote Originally Posted by Anthony Bouchard View Post
      The big difference being that the name of the application the firm used for this testing was not publicly announced. So Apple has no hints as to what the application may be.

      And any third-party developers that use this exploit as a means of malicious intent certainly won't tell people, or blogs, about the feature. So that wouldn't be publicized. So Apple wouldn't have any tips about said application having the feature, and therefore wouldn't think twice about pulling it.

      With tethering apps, the developers tell blogs about the feature so that we write about it, so that people can grab the application before it's pulled.

      No one here is telling us that they've made an application to track your movements. If they were using the feature maliciously, why in the world would they? They would want the feature to be under the table where you and I can't see it. They would want to benefit from the malicious activity without being noticed.

      Does that make sense? This is in no way shape or form a comparison to a tethering app. The developers actually WANT you to know when the application lets you tether, because then you'll download it. When is the last time that a piece of software you downloaded from the Internet said, "HEY DOWNLOAD ME, I HAVE SPYWARE?" That would be an instant turn off. You wouldn't download it. So saying it had it contained would be the opposite of what the developer wanted.

      Luckily for everyone, it was an honest firm that found this problem, and not a hacker with malicious intent. So of course they publicized it this time. There are probably hundreds of other undiscovered exploits in iOS that malicious developers are already using and we don't even know about yet. That's something to really think about.
      I wasn't disagreeing with you. I was more so reinforcing your point that Apple doesn't catch everything that makes it into the App Store.