Slashdot Mirror

← Back to Stories (view on slashdot.org)

New iOS Keylogging Vulnerability Discovered

Posted by timothy on from the it's-called-eye-phone-duh dept.

exomondo writes "Following hot on the heels of the iOS (and OS X) SSL security bug comes the latest vulnerability in Apple's mobile operating system. It is a security bug that can be used as a vector for malware to capture touch screen, volume rocker, home button and (on supported devices) TouchID sensor presses, information that could be sent to a remote server to re-create the user's actions. The vulnerability exists in even the most recent versions of iOS and the authors claim that they delivered a proof-of-concept monitoring app through the App Store."

4 of 72 comments (clear)

  1. Linux and windows have vulnerabilities by bazmail · · Score: 5, Insightful

    apple software has "bugs".

    1. Re:Linux and windows have vulnerabilities by rehtonAesoohC · · Score: 5, Insightful

      You can't assume that because android also has multi-tasking that it also has a security vulnerability... It's a completely different system with completely different designs. That's like saying that because an apple has skin that you should also eat people too.

  2. Goes to show... by jones_supa · · Score: 5, Insightful

    As Apple products keep gaining larger market share, also the number of discovered vulnerabilities increases day after day. Having a UNIX base does not mean that you are automatically invincible.

  3. Is this a real vulnerability or hype? by Ronin+Developer · · Score: 2, Insightful

    The method of how the app was installed on a non-jail broken device was not discussed. While I would say that being able to capture touches and such by an background app is a potential threat, getting the software on a device is easier said than done.

    Mobile Management Systems (MMS) have access to APIs that can also do these sorts of things.

    I would venture that this was one using either developer mode or as an enterprise app and not through the the AppStore. Jailbroken devices are, clearly, more at risk.

    Now...a bigger question. Can the same be done on Android devices? I am betting "Yes"????