Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Security Bug Cellphones Handhelds IOS Iphone Apple

New iOS Keylogging Vulnerability Discovered 72

exomondo writes "Following hot on the heels of the iOS (and OS X) SSL security bug comes the latest vulnerability in Apple's mobile operating system. It is a security bug that can be used as a vector for malware to capture touch screen, volume rocker, home button and (on supported devices) TouchID sensor presses, information that could be sent to a remote server to re-create the user's actions. The vulnerability exists in even the most recent versions of iOS and the authors claim that they delivered a proof-of-concept monitoring app through the App Store."
This discussion has been archived. No new comments can be posted.

New iOS Keylogging Vulnerability Discovered

Comments Filter:
  • by alen ( 225700 ) on Tuesday February 25, 2014 @02:57PM (#46337251)

    this one relies on apps that run in the background and "listen" to touch inputs

    since android is multitasking as well i assume it has the same issues

  • by Anonymous Coward on Tuesday February 25, 2014 @03:07PM (#46337373)

    Background tasks don't receive touch input. That's why they are in the background.

    Unless you are iOS and have this vulnerability.

  • by Anonymous Coward on Tuesday February 25, 2014 @06:38PM (#46339745)

    So, someone who's breaking the ToS (not being rogue) has to put an app out, then you have to install it, and then it's scraping inputs.

    Oh so it's not a security vulnerability if it's against the Terms of Service, wow Microsoft should implement a ToS and then most of their Windows security issues will cease to exist.

    This isn't a security vulnerability as most responses on here opine about.

    Of course it is, how do you figure that a process running in the background being able to break out of the sandbox restrictions and capture all inputs is not a security vulnerability? You would have to be a complete Apple shill to be in such denial about a bug like this.

    My car has a gas pedal. Does the ECM for engine management have a "security vulnerability," because I can press hard on the right pedal and do 180mph (illegal by federal law)?? No. It's functioning as designed.

    Yet the application sandboxing in iOS is clearly not working as designed as it is allowing background processes to capture all inputs. Since you clearly don't understand the concept of sandboxing it is obvious why you would not see the security problem here.

The rich get rich, and the poor get poorer. The haves get more, the have-nots die.