New iOS Keylogging Vulnerability Discovered 72
exomondo writes "Following hot on the heels of the iOS (and OS X) SSL security bug comes the latest vulnerability in Apple's mobile operating system. It is a security bug that can be used as a vector for malware to capture touch screen, volume rocker, home button and (on supported devices) TouchID sensor presses, information that could be sent to a remote server to re-create the user's actions. The vulnerability exists in even the most recent versions of iOS and the authors claim that they delivered a proof-of-concept monitoring app through the App Store."
Linux and windows have vulnerabilities (Score:5, Insightful)
Goes to show... (Score:5, Insightful)
Is this a real vulnerability or hype? (Score:3, Insightful)
The method of how the app was installed on a non-jail broken device was not discussed. While I would say that being able to capture touches and such by an background app is a potential threat, getting the software on a device is easier said than done.
Mobile Management Systems (MMS) have access to APIs that can also do these sorts of things.
I would venture that this was one using either developer mode or as an enterprise app and not through the the AppStore. Jailbroken devices are, clearly, more at risk.
Now...a bigger question. Can the same be done on Android devices? I am betting "Yes"????
Re:Linux and windows have vulnerabilities (Score:5, Insightful)