iOS Users Facing Another Security Flaw

There’s a security flaw in Apple’s mobile operating system, iOS. No, it’s not the same flaw that we reported yesterday. That widely publicized flaw allows attackers to intercept data being sent between your phone and web servers and an update that fixes it is already available for most affected users. This new flaw, as Lance Whitney of CNet reports, allows for the remote capture of “every character the victim inputs” on an iPhone or iPad.

The vulnerability was uncovered by security firm FireEye. A keylogging app is able to run in the background of any iOS 7 device because of a flaw in the Background App Refresh setting.

You may be wondering what the danger of a hacker being able to monitor every press of your touchscreen, or home button, or volume controls is. Attackers aren’t just able to monitor when you touch your screen, but precisely where on the X and Y axis. That means that passwords and log-in credentials could be stolen. Your phone’s lock screen could also be compromised. Think of everything you use your phone or tablet for and then consider how dangerous it would be to have a stranger looking over your shoulder the entire time.

Unlike the SSL vulnerability that was revealed recently, this iOS vulnerability requires a malicious app to be installed on the device first. Of course, there are a number of ways an app can make it’s way to your iPhone. Apps downloaded directly from the official App Store are usually legitimate, however. So, these malicious apps would likely come from 3rd party app stores or email attachments.

Apple has publicly stated that they’re working with FireEye to create a patch to fix the problem. In the meantime, users can close any apps running in the background by double-tapping their Home button. Close any apps you aren’t currently using. If there’s an app running that you don’t recognize, there’s a good chance that it’s malware.

If you have a device that’s been infected with malware, bring it to Geek Rescue or call us at 918-369-4335.