iPhone Security Flaw Can Let Apps Act as Keyloggers
Feb. 25, 2014— -- Use an iPhone long enough, and eventually the screen will be dotted with smears and smudges, courtesy of your fingerprints. But it turns out there's a far more revealing digital fingerprint that betrays where you've been tapping your phone.
FireEye, a computer security firm, recently revealed a flaw in iOS 7 that can be exploited to track your finger's every action.
"An attacker can exploit a vulnerability in iOS so that any application can collect data as well as record the phone's keystrokes," Tao Wei, senior staff research scientist at FireEye, told ABC News.
Wei and his colleagues created an app that ran in the background of the iPhone to collect this data and send it to a remote server. "Essentially, you have full monitoring of the keyboard and touchscreen," Wei said.
The app can also detect when the home button, the volume buttons, and the fingerprint sensor have been used. He confirmed that the flaw is present across multiple versions of iOS 7, including its most recent update.
"It's not surprising that [FireEye] can do this," said Billy Lau, a computer security researcher at Georgia Institute of Technology.
Exploits like this should serve as a reminder to smartphone owners, Lau said. "People should start with the mindset that Apple is not perfect in terms of security. It's being proven over and over again," he said.
For now, Wei sees the iOS flaw more as a potential security threat instead of a case where the damage had been done. "We don't think this vulnerability has been widely exploited, so most people are not likely to be affected," he said. "We published this blog to warn the public."
Wei notified Apple before posting the findings and said that FireEye is "collaborating with Apple on this issue." Apple did not respond to ABC News' request for comment.