Researchers claim iOS multitasking exploit could allow taps, clicks to be monitored on iPhone, iPad

Researchers claim iOS multitasking exploit could allow taps, clicks to be monitored and recorded on iPhone, iPad

An exploit in the way iOS handles multitasking may allow the touch-equivalent of keylogger-type attacks — where your input is recorded in order to discover your passwords and other data — to work not only on jailbroken iPhones and iPads, but on any device. It would require a malicious app to be created, to get past App Store review, and to get installed onto your device, which is a complex chain and not one anyone has claimed to have actually seen happen yet. But according to Min Zheng, Hui Xue, and Tao Wei of FireEye, it is possible:

We have created a proof-of-concept "monitoring" app on non-jailbroken iOS 7.0.x devices. This “monitoring” app can record all the user touch/press events in the background, including, touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server, as shown in Fig.1. Potential attackers can use such information to reconstruct every character the victim inputs.

They claim the exploit they're using affects devices on iOS 7, including 7.0.4, 7.0.5, and 7.0.6, as well as all versions of iOS 6.

There's not a lot of information available yet about how exactly this works, but again, it seems like an attacker would have to make a malicious app, get it through App Store review and into the App Store, and then get you to go to the App Store and install it onto your device. For example, someone emailing you a link to a knock-off app — "Hey John, check out Flappy Bards, it's free and awesome!"

The researchers suggest uber-paranoid users turn off background refresh and kill all background apps to avoid any possibility of exploit. That's so onerous I doubt many will do it. What's probably better is to follow the same old "don't click on links from people or sources you don't trust" (even if they take you to the App Store) advice, and when browsing the App Store on your own, stick to apps from known developers until Apple patches the exploit.

Most importantly, the exploit seems complex right now and no one has presented any evidence of it existing in the wild. Unless and until that changes, I'd recommend the usual caution but no crazy level of concern. Agree or disagree?

Nick Arnott contributed to this article.

Source: FireEye

Rene Ritchie

Editor-in-Chief of iMore, co-host of Iterate, Debug, Review, The TV Show, Vector, ZEN & TECH, and MacBreak Weekly podcasts. Cook, grappler, photon wrangler. Follow him on Twitter and Google+.

More Posts



← Previously

Deal of the Day: Amzer Soft Gel TPU Gloss Skin Case for iPhone 5/5S

Next up →

iPad Air wins Mobile World Congress tablet of the year award!

There are 17 comments. Add yours.

jeddo45 says:

What's up with all the security flaws showing up across Apple products?

Nexus 5... enough said

stephen007 says:

Is it really enough said? I'm not even understanding your point.

oscaramzz says:

I think his signature stamp is "nexus 5.. Enough said."

Sent from the iMore App

jeddo45 says:

That's my signature. Sorry didn't mean to start an argument. That's it for all my Mobile Nations accounts.

Nexus 5... enough said

beastcmg says:

Winning The Wrong Race: Android Leads In Vulnerabilities Thanks To Apps


Android 4.4 revealed to have VPN security flaw


Android banking Trojans are on the rise

Rene Ritchie says:

Android is open to exploits as well. In fact, this exploit first surfaced for Android and Jailbroken iOS devices, so...

If you want to be safe, use a rock. Call quality sucks though.

Otherwise the more complex software becomes the greater the chance exploits will be found.

kataran says:


Sent from the iMore App

jeddo45 says:

I think I'll upgrade next year lol!

No I'm just wondering if these flaws have always been, or they just popped up with new software (maybe iOS 7?). It is good that Apple is on top of it though. Shows they truly want to keep the customers safe.

Nexus 5... enough said

pullingj says:

They claim the exploit they're using affects devices on iOS 7, including 7.0.4, 7.0.5, and 7.0.6, as well as all versions of iOS 6.

Solamar says:

Oh thats easy.. Windows has dozens of security fixes a month, reporting on it is just blah...

Android, Google simply doesn't patch them unless you're on Nexus.. People are used to this and its to much red tape to get through carriers and OEMS... so why bother.. Just buy a newer phone with updates! :D riiiiiight.. So again.. it's blah..

Apple, news is low, and it's easy to kick someone, so they can make a ton of noise on it because it's so rare.. oh.. and click through is usually very high... lol

Mike Alessi says:

Amazing how they release these "findings" right after the SSL vulnerability.

khobia2 says:

Good point. Apple must be No.1 cause these damn researchers can't get enough keeping them in the news. I betcha no one bother to mentioned that compared to other platforms updates come fast and rapid right to our devices. Bet they didn't get any kudos for that.

Sent from the iMore App

rockerchick says:

OMG! Imagine that. People tap and click their touch screen devices. Oh the horror the sheer horror!!!!

Sent from the iMore App

T-Will says:

OMG!!! Apple is DOOMED!!!!!! iPhones can be exploited!!!!!!!!

(In the unlikely event a malicious app makes it through Apple's review process and breaks out of its app sandbox. Android can be exploited even easier due to their lax or non-existent app review policy.)

khobia2 says:

Agree. This is another lets $@c# Apple year. Yawn.

Sent from the iMore App

asuperstarr says:

Interesting information!

Sent from the iMore App