Thread: Newly-discovered iOS Exploit Could Let Background Apps Record User Actions

  1. #1
    Newly-discovered iOS Multitasking Exploit Could Let Background Apps Record User Actions


    Some security researchers at the security firm known as FireEye have discovered that it is possible for a developer with malicious intent to exploit iOS 7's multitasking feature so that an application that might be running in the background can record the user's taps, home button presses, volume button presses, Touch ID uses, and more.

    Quote Originally Posted by FireEye
    We have created a proof-of-concept "monitoring" app on non-jailbroken iOS 7.0.x devices. This “monitoring” app can record all the user touch/press events in the background, including, touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server, as shown in Fig.1. Potential attackers can use such information to reconstruct every character the victim inputs.

    Note that the demo exploits the latest 7.0.4 version of iOS system on a non-jailbroken iPhone 5s device successfully. We have verified that the same vulnerability also exists in iOS versions 7.0.5, 7.0.6 and 6.1.x. Based on the findings, potential attackers can either use phishing to mislead the victim to install a malicious/vulnerable app or exploit another remote vulnerability of some app, and then conduct background monitoring.
    So for example, you may have application A running with the ability to record everything you do on your iOS device, and you might close the application and open application B to check your e-mail. Application A is now in the background recording every little tap you make in application B, and can then send everything you're doing on your iOS device to a remote server for someone with malicious intent to analyze. Application A doesn't need to be in the foreground to record your actions, it just needs to be open in the App Switcher.

    The firm was able to create an application that could do such a thing, and then managed to successfully submit it through Apple's App Store review process. In doing so, the researchers have demonstrated that any applications you might be using on your iOS device can record anything you might be doing on your iOS device, because clearly, Apple hasn't been checking to see if applications are doing this or not.

    FireEye notes that the issue is present in iOS 6.1.x, iOS 7.0.4, iOS 7.0.5, and iOS 7.0.6 (iOS 7.0.6 was just released a few days ago to fix a very nasty SSL connection verification bug), and a developer that knew what they were doing could completely bypass the "background app refresh" feature of iOS 7 whether it was enabled or not. The firm also claims that it is working closely with Apple in order to get the issue fixed in a future iOS update.

    The best way for you to prevent having all of your actions recorded, in the event that you download an application from the App Store that likes to record your actions in the background, is to make sure that you're always closing applications from the App Switcher when you're done using them. To do this in iOS 7, just double-press on the Home Button and then swipe up on the applications that you want to close.

    Sources: FireEye

  2. The Following User Says Thank You to Anthony Bouchard For This Useful Post:

    Will719 (2014-02-26)

  3. #2
    Apple hasn't had a good week with security flaws. Should I update to 7.0.6 today or later?

  4. #3
    Quote Originally Posted by Abbaroc View Post
    Apple hasn't had a good week with security flaws. Should I update to 7.0.6 today or later?
    Pod2g himself said to update it.

  5. The Following User Says Thank You to GuiltyGearIsaac For This Useful Post:

    iH85CH001 (2014-02-27)

  6. #4
    La Malcria Co1d Night's Avatar

    Good thing I don't download a lot of apps.

  7. #5
    Livin the iPhone Life slim.jim's Avatar

    This could be true for any OS on any platform. That's the whole purpose of a key logger.

  8. #6
    Quote Originally Posted by slim.jim View Post
    This could be true for any OS on any platform. That's the whole purpose of a key logger.
    Yes, you are right.

  9. #7
    Here we go with another Apple iOS push out.

  10. The Following User Says Thank You to mlee19841 For This Useful Post:

    iH85CH001 (2014-02-27)

  11. #8
    Great, another security flaw that needs to be fixed. Apple will probably patch it in 7.1 which can't be JB. I really hope that's not the case though.

  12. The Following 2 Users Say Thank You to steve-z17 For This Useful Post:

    iH85CH001 (2014-02-27), PokemonDesigner (2014-02-25)

  13. #9
    Quote Originally Posted by steve-z17 View Post
    Great, another security flaw that needs to be fixed. Apple will probably patch it in 7.1 which can't be JB. I really hope that's not the case though.
    Most likely will be the case.

  14. #10
    Quote Originally Posted by mlee19841 View Post
    Most likely will be the case.


    Most likely will.

  15. #11
    1. Why post about the flaw publicly, why not submit the exploit to Apple directly and stop scaring the absolute crap out of people who don't know better.

    2. A photo doesn't prove anything, for all we know that data was being sent from a jailbroken device.

    3. The chances of an app like this making it on the app store are pretty much impossible, if Apple can reject an app for having the word "Flappy" I'm pretty sure they can detect background monitoring.

  16. The Following 3 Users Say Thank You to ThatOneProfile For This Useful Post:

    iH85CH001 (2014-02-27), jery911 (2014-02-26), PokemonDesigner (2014-02-26)

  17. #12
    Quote Originally Posted by ThatOneProfile View Post
    1. Why post about the flaw publicly, why not submit the exploit to Apple directly and stop scaring the absolute crap out of people who don't know better.
    Which, as we said in the post, is exactly what FireEye is doing. They are working with Apple to get it fixed.

    Quote Originally Posted by ThatOneProfile View Post
    2. A photo doesn't prove anything, for all we know that data was being sent from a jailbroken device.
    Take the photo as you will, we got it directly from the source (the firm) claiming that they have done what they say they have.

    Quote Originally Posted by ThatOneProfile View Post
    3. The chances of an app like this making it on the app store are pretty much impossible, if Apple can reject an app for having the word "Flappy" I'm pretty sure they can detect background monitoring.
    The firm claims that the application made it into the App Store.

  18. The Following 2 Users Say Thank You to Anthony Bouchard For This Useful Post:

    emerica6708 (2014-02-26), Sage I (2014-02-26)

  19. #13
    Livin the iPhone Life slim.jim's Avatar

    Quote Originally Posted by Anthony Bouchard View Post
    The firm claims that the application made it into the App Store.
    Yea, apps using private APIs make it through occasionally. Like those that allow screen recording. They are quickly pulled though once they are outed on places like Twitter and Reddit, or here.

  20. The Following User Says Thank You to slim.jim For This Useful Post:

    ThatOneProfile (2014-02-26)

  21. #14
    Quote Originally Posted by slim.jim View Post
    Yea, apps using private APIs make it through occasionally. Like those that allow screen recording. They are quickly pulled though once they are outed on places like Twitter and Reddit, or here.
    Exactly. The likelihood of them submitting an app, seeing that their exploit works and pulling it right after WITH downloads is next to impossible. I doubt anyone has the same exploit and is making apps. Now that this exploit is public and Apple has knowledge of what specific methods of getting the app into the App Store are, they will reject apps accordingly.

  22. #15
    Quote Originally Posted by slim.jim View Post
    Yea, apps using private APIs make it through occasionally. Like those that allow screen recording. They are quickly pulled though once they are outed on places like Twitter and Reddit, or here.
    The big difference being that the name of the application the firm used for this testing was not publicly announced. So Apple has no hints as to what the application may be.

    And any third-party developers that use this exploit as a means of malicious intent certainly won't tell people, or blogs, about the feature. So that wouldn't be publicized. So Apple wouldn't have any tips about said application having the feature, and therefore wouldn't think twice about pulling it.

    With tethering apps, the developers tell blogs about the feature so that we write about it, so that people can grab the application before it's pulled.

    No one here is telling us that they've made an application to track your movements. If they were using the feature maliciously, why in the world would they? They would want the feature to be under the table where you and I can't see it. They would want to benefit from the malicious activity without being noticed.

    Does that make sense? This is in no way shape or form a comparison to a tethering app. The developers actually WANT you to know when the application lets you tether, because then you'll download it. When is the last time that a piece of software you downloaded from the Internet said, "HEY DOWNLOAD ME, I HAVE SPYWARE?" That would be an instant turn off. You wouldn't download it. So saying it had it contained would be the opposite of what the developer wanted.

    Luckily for everyone, it was an honest firm that found this problem, and not a hacker with malicious intent. So of course they publicized it this time. There are probably hundreds of other undiscovered exploits in iOS that malicious developers are already using and we don't even know about yet. That's something to really think about.
    Last edited by Anthony Bouchard; 2014-02-26 at 04:24 AM.

  23. #16
    Livin the iPhone Life slim.jim's Avatar

    Quote Originally Posted by Anthony Bouchard View Post
    The big difference being that the name of the application the firm used for this testing was not publicly announced. So Apple has no hints as to what the application may be.

    And any third-party developers that use this exploit as a means of malicious intent certainly won't tell people, or blogs, about the feature. So that wouldn't be publicized. So Apple wouldn't have any tips about said application having the feature, and therefore wouldn't think twice about pulling it.

    With tethering apps, the developers tell blogs about the feature so that we write about it, so that people can grab the application before it's pulled.

    No one here is telling us that they've made an application to track your movements. If they were using the feature maliciously, why in the world would they? They would want the feature to be under the table where you and I can't see it. They would want to benefit from the malicious activity without being noticed.

    Does that make sense? This is in no way shape or form a comparison to a tethering app. The developers actually WANT you to know when the application lets you tether, because then you'll download it. When is the last time that a piece of software you downloaded from the Internet said, "HEY DOWNLOAD ME, I HAVE SPYWARE?" That would be an instant turn off. You wouldn't download it. So saying it had it contained would be the opposite of what the developer wanted.

    Luckily for everyone, it was an honest firm that found this problem, and not a hacker with malicious intent. So of course they publicized it this time. There are probably hundreds of other undiscovered exploits in iOS that malicious developers are already using and we don't even know about yet. That's something to really think about.
    I wasn't disagreeing with you. I was more so reinforcing your point that Apple doesn't catch everything that makes it into the AppStore.
