iOS 7 vulnerable to background monitoring, no fix yet

It seems Apple's security woes won't be ending any time soon, as yet another vulnerability has been exposed within days of the earlier report, in its operating system by security researchers.

Security firm FireEye has published a detailed report on an unpatched vulnerability in iOS 7 which could allow hackers to monitor user's activities on the mobile device using a background monitoring app. By bypassing Apple's app review process, the exploit can be invoked on non-jailbroken iOS 7 devices using a malicious app such as a keylogger.

A proof-of-concept app was created by FireEye, and was successfully used to demonstrate background monitoring and reporting of all screen touches, home button presses, volume button presses and TouchID presses. The app was demonstrated on iOS 7.0.4 but the firm mentions that the vulnerability exists on iOS versions 7.0.5, 7.0.6 and 6.1.x as well.

iOS 7 uses "Background App Refresh" to close idle apps, however, this setting can be bypassed by apps such as the music player and can be implemented by malicious apps to carry out monitoring. Apple and FireEye are working on getting a fix ready for the exploit, but in the meantime, users are advised to use the iOS task manager to close apps and prevent background monitoring by rogue apps.

Source: FireEye | Password Security For Safety From Mobile Phone image via Shutterstock

Report a problem with article
Previous Story

Yes, Windows Server 2012 R2 will also get a "Spring Update"

Next Story

IE 11 on Windows Phone 8.1 shown off on video; shows new Reading View and tweaked UI

23 Comments

Commenting is disabled on this article.

So much for the "secure" operating system pumped by all the Apple fans, or the TV sales host like on QVC. I still remember that guy on QVC pumping that Apple doesn't get viruses or malware.

Good thing no one seems to understand this.

The "proof of concept" used for these things requires one of two things: either for the user to purposely install a developer certificate and then purposely sideload an application that does this, or the user to purposely circumvent/crack the OS protections (jailbreak) and then purposely sideload an application that does this.

The program cannot just sneak into your system.

The APIs / functions that this require are **not allowed** by Apple, so any app that tries this will be blocked from the App Store, or removed if discovered to have sneaked into the App Store.

Knew there was another reason I haven't upgraded my phone in a while.

Don't need 99% of the junk that comes pre-installed on those things let alone ANY of the extra crap from Apple OR Google stores!! Most phones have more junk installed on them then ANY OEM computer I've ever seen! The real bad part of that is most people don't know, or care even less, about security on their phone then their computer.

cork1958 said,
Knew there was another reason I haven't upgraded my phone in a while.

Don't need 99% of the junk that comes pre-installed on those things let alone ANY of the extra crap from Apple OR Google stores!! Most phones have more junk installed on them then ANY OEM computer I've ever seen! The real bad part of that is most people don't know, or care even less, about security on their phone then their computer.

Eh? Did you even read the article? It's absolutely nothing to do with your tirade about third party software installed by OEM's.

Raa said,

Never heard of that OS before

Yeah, Facebook recently bought the rights to the old Palm OS and will be releasing a rebranded version later this year called "Facepalm"

what does "by bypassing apples app review process" mean? you have to install an app apple would never allow in the app store?

It means these malicious apps made it into the app store without apple's approval OR apple approved them without knowing about this exploit. Either way, now it's dangerous because now any developer can update their app with this this method to enable background monitoring like that. So Apple will have to patch it or have to check every app for this hack.

j2006 said,
It means these malicious apps made it into the app store without apple's approval OR apple approved them without knowing about this exploit. Either way, now it's dangerous because now any developer can update their app with this this method to enable background monitoring like that. So Apple will have to patch it or have to check every app for this hack.

i dont think these apps would make it into the app store, i think bypass means sideload with a certificate

Even if, for as long as every iOS device gets an update, what's to worry?

Wait, wait, I thought iOS 7 made it harder to jailbreak.

Brian Miller said,
Could this be a scare tactic to prevent people from jail breaking their devices?

The article clearly states: "the exploit can be invoked on non-jailbroken iOS 7 devices"

Raa said,

The article clearly states: "the exploit can be invoked on non-jailbroken iOS 7 devices"

that would preclude people actually reading articles
a rare talent these days

True but how can it be exploited exactly ? where does this monitoring app come from ? the info at fireeye is a bit sketchy on that.