Ars Technica discovered a blog post published last night by security research firm FireEye showing proof-of-concept monitoring on a non-jailbroken iOS 7.0.x device. According to FireEye, its researchers identified a flaw in Apple’s mobile operating system that would allow attackers to log every touch a user makes on their device, including TouchID and volume controls.
According to Ars, FireEye noted that the flaw was confirmed to exist in iOS 7.0.4, 7.0.5, and even the three-day-old update to 7.0.6. The flaw also affects devices running the iOS 6 operating system. The vulnerability allows attackers to covertly monitor activities on a device through an app that uses multitasking capabilities built into iOS to capture inputs.
“We have created a proof-of-concept “monitoring” app on non-jailbroken iOS 7.0.x devices. This “monitoring” app can record all the user touch/press events in the background, including touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server, as shown in Fig.1. Potential attackers can use such information to reconstruct every character the victim inputs.”
Ars also noted that a posting, removed shortly after it went up, alluded to Apple’s knowledge of the vulnerability. The now-missing post originally read, “FireEye successfully delivered a proof-of-concept monitoring app through the App Store that records user activity and sends it to a remote server. We have been collaborating with Apple on this issue.”
The proof-of-concept app relies on Apple’s background app refresh technology, because apps that use it constantly run in the background and can collect information on every touch made on a device.
Ars notes that, until Apple fixes the vulnerability, the only way to avoid malicious attacks is to turn off access to background refresh for apps that you don’t know and trust.
Go to your Settings app, select “General,” and then “Background App Refresh.” Find any apps you don’t trust and toggle their access off.