iPhone Security Flaw Can Let Apps Act as Keyloggers

PHOTO: A general view of an Iphone running iOS7, Oct. 2, 2013. Picture date: Wednesday October 2, 2013.

Use an iPhone long enough, and eventually the screen will be dotted with smears and smudges, courtesy of your fingerprints. But it turns out there's a far more revealing digital fingerprint that betrays where you've been tapping your phone.

FireEye, a computer security firm, recently revealed a flaw in iOS 7 that can be exploited to track your finger's every action.

"An attacker can exploit a vulnerability in iOS so that any application can collect data as well as record the phone's keystrokes," Tao Wei, senior staff research scientist at FireEye, told ABC News.

Wei and his colleagues created an app that ran in the background of the iPhone to collect this data and send it to a remote server. "Essentially, you have full monitoring of the keyboard and touchscreen," Wei said.

The app can also detect when the home button, the volume buttons, and the fingerprint sensor have been used. He confirmed that the flaw is present across multiple versions of iOS 7, including its most recent update.

"It's not surprising that [FireEye] can do this," said Billy Lau, a computer security researcher at Georgia Institute of Technology.

Exploits like this should serve as a reminder to smartphone owners, Lau said. "People should start with the mindset that Apple is not perfect in terms of security. It's being proven over and over again," he said.

For now, Wei sees the iOS flaw more as a potential security threat instead of a case where the damage had been done. "We don't think this vulnerability has been widely exploited, so most people are not likely to be affected," he said. "We published this blog to warn the public."

Wei notified Apple before posting the findings and said that FireEye is "collaborating with Apple on this issue." Apple did not respond to ABC News' request for comment.

Join the Discussion
You are using an outdated version of Internet Explorer. Please click here to upgrade your browser in order to comment.
blog comments powered by Disqus
 
You Might Also Like...
See It, Share It
PHOTO: Oscar de la Renta and Oprah Winfrey attend the Costume Institute Gala Benefit to celebrate the opening of the American Woman: Fashioning a National Identity exhibition at The Metropolitan Museum of Art, May 8, 2010, in New York City.
Rabbani and Solimene Photography/WireImage/Getty Images
PHOTO: Up in Ash: Mount Sinabung Erupting
Tibt Nangin/Anadolu Agency/Getty Images
PHOTO: Firefighters rescue a woman who got stuck in a chimney in Thousand Oaks, Calif.
Ventura County Fire Department
PHOTO: Apple Pay is demonstrated at Apple headquarters on Oct. 16, 2014 in Cupertino, Calif.
Marcio Jose Sanchez/AP Photo