Tuesday 25 February 2014
On
06:53
by
Unknown
No comments
Every tap, touch, and press you make on your iPhone and iPad could be monitored and captured remotely due to an iOS security flaw. At least, that's the claim from security firm FireEye.
In a blog posted Monday, FireEye researchers said they conducted a test on non-jailbroken iOS 7.0.x devices in which they installed a "monitoring" app. This app was able to record all touch and press events in the background, including screen touches, home button presses, volume button presses, and TouchID presses. Based on its findings, the team concluded that an attacker could use such an app to remotely obtain keystrokes and screen touches on an iOS device, thereby reconstructing "every character the victim inputs."
The flaw reportedly lies in the way background apps run on an iPhone or iPad as those apps can detect all keystrokes and touch inputs made on the device. Disabling the Background App Refresh setting can prevent the background monitoring, though a malicious app disguised as a music program could still conduct such monitoring.
And though the researchers used a device running iOS 7.0.4, they said the same vulnerability exists in iOS versions 7.0.5, 7.0.6 and 6.1.x.
Of course, an iOS user would have to somehow allow the malicious app to be installed in the first place. Apple does impose strict requirements on the apps allowed in the App Store. FireEye was able to install its test app on a non-jailbroken device, though it didn't explain how.
Until Apple patches the problem, the only way to avoid the flaw is to trigger the iOS task manager to manually shut down apps running in the background, according to FireEye. Double-tapping the Home button displays all background apps. Swiping a background app in iOS 7.0.x then closes the app.
What is Apple's take on this reported security bug? The FireEye researchers said they've been collaborating with the company on this issue. CNET contacted Apple for comment and will update the story if the company responds.
Apple is already grappling with a security flaw that affects OS X as well as iOS. The flaw could allow an attacker to capture and modify data supposedly protected by SSL, or Secure Sockets Layer. The launch of iOS 7.0.6 late last week patched the hole for mobile devices. OS X remains exposed, though Apple has promised a fix there as well.
Subscribe to:
Post Comments
(
Atom
)
Search
Popular Posts
-
Hello friends, today we have something special for pc beginners. We have some keyboard shortcut which will really help you to operate any ...
-
Embattled Bitcoin exchange Mt. Gox has resigned from the board of the Bitcoin Foundation, the organization that manages the crypto-curren...
-
Ultra HD, colloquially known as "4K," is the latest buzzword, and the latest push from TV manufacturers. While your next TV mig...
-
BlackBerry CEO John Chen confirmed two new phones were on their way this year. The first, codenamed "Jakarta," but known as the...
-
Amazon is developing its drone service in both Seattle (US) and Cambridge (UK) UK drone experts are being sought by Am...
-
Obidike, the leader of the warriors is sent out in the company of other warriors to fetch seven virgins with which to bury the king. Incid...
-
M icrosoft has patched a critical bug in its software that had existed for 19 years. IBM researchers discovered the flaw, which affect...
-
If BitTorrent has its way, you'll be paying for some torrented content before the end of the year thanks to the integration of BitTo...
-
New photos of Nokia’s upcoming Android handset, code named Normandy, have leaked — and rather oddly, it appears the standard Android UI...
-
Nick Statt/CNET A large part of Hyperlapse's cha...
Recent Posts
Sample Text
Blog Archive
-
▼
2014
(
367
)
-
▼
February
(
214
)
- Apple's culture of secrecy delays security respons...
- Black market lights up with 360M stolen credential...
- Why bother to text your girl when BroApp can do it...
- MTN, Globacom, Airtel fined $4m by NCC
- Bitflux wins Nigerian spectrum licence bid
- Jumia Nigeria giving away one PS4 hourly at 50% di...
- LinkedIn testing Chinese language site
- Top Bitcoin exchange MtGox goes offline
- Samsung adds biometrics to latest Galaxy smartphone
- 'Smart' toothbrush grades your brushing habits
- Bitcoin ATMs coming to the U.S.
- Feeling glum, happy, aroused? New technology can d...
- AT&T follows Verizon, offers free global texts wit...
- Apple promises to fix OS X encryption flaw 'very s...
- Quixey's mobile search lets you dig deep into apps...
- BlackBerry CEO confirms Foxconn-made Q20 and Z3 ph...
- Freescale Semiconductor's Kinetis KL03 processor...
- T-Mobile's losses widen as the carrier promotes 'U...
- Microsoft's hardware chief changes roles
- Curved Samsung Gear Fit Review
- New Movies Anywhere app streams Disney's world
- Microsoft in talks to take stake in Dailymotion, r...
- iOS security hole reportedly exposes your screen i...
- Mozilla plans '$25 smartphone' for emerging markets
- Huawei launches 'hybrid' Talkband smart device
- Xbox One price cut to match PlayStation 4
- WhatsApp will expand to voice communications in th...
- Mt. Gox resigns from Bitcoin Foundation Board
- Intel launches new Atom processors
- Broadcom aims to double Wi-Fi speeds with new 802....
- Get Password Depot password manager (Win) for free
- HTC's Desire 610 comes glad in glossy plastic, has...
- First Ubuntu phones
- SanDisk microSD cards hit 128GB
- Android-powered Nokia X great for Microsoft
- BBM to land on Windows Phone this summer
- Trace Mobile numbers or Ip-Address
- Multi Google Talk Login without any software
- 1). Start any application, say Word. Ope...
- Top 20 Tips To Keep Your System Faster
- Brief overview of Unix and Linux commands
- Increase the speed of your internet connection wit...
- HOW TO CHECK ALL PASSWORD IN FIREFOX
- ALL DOS CODES REVEALED – EVERY CODE FOR COMMAND PR...
- SOME COOL KEYBOARD SHORTCUTS FOR PC BEGINNERS
- HOW TO ENJOY WINDOWS 8 VIEW IN WINDOWS 7
- Top 10 Windows 8 tips and tricks
- Schiit Audio's tiny, but powerful $119 tube headph...
- Samsung Galaxy Tab Pro 8.4 review:
- Lie detector on the way to test social media rumours
- Security failings in Linksys and Asus home routers...
- Wurm offer Bounty for game taken offline by DDoS a...
- Stuxnet worm 'targeted high-value Iranian assets'
- South Korea to develop Stuxnet-like cyberweapons
- Netflix speeds lag for Verizon users amid dispute
- Steve Jobs may appear on U.S. postage stamp
- New app helps you fight parking tickets
- Apple security update fixes iOS vulnerability
- Fitbit halts sale of Force fitness band, issues re...
- Samsung Galaxy Gear 2 and Gear 2 Neo spied in leak...
- Google Barge to set sail for new home within a month
- BigRep 3D printer can print whole pieces of furniture
- Google's Project Tango whips up new mapping tech
- Namecheap targeted in monumental DDoS attack
- Samsung Galaxy S5: Most likely features and specs
- 5TB hard drive is here, inside LaCie's latest Thun...
- Google's Tim Bray steps down in the name of workin...
- Leaked specs paint fuller picture for HTC Desire 8
- Muvee Action Studio lets you edit your GoPro video...
- Google acquires Spider.io to combat ad fraud
- Nvidia delivers more KitKat and an LTE-equipped Te...
- Microsoft taps gamers to test next Xbox One update
- Firefox OS taps into Cordova for easier Web-app de...
- Opera: watch an ad, get free mobile Net access
- Obama's commerce secretary to petition Silicon Val...
- Airbnb makes smoke and carbon monoxide detectors m...
- Fatwa forbids Muslims from traveling to Mars
- New Fiskers will have V-8s or batteries, Wanxiang ...
- Google embarks on smart contact lenses for diabetics
- Paul Graham steps down as Y-Combinator president
- Verizon closes Vodafone deal for total control of ...
- Sprint adds Wi-Fi calling to improve voice coverage
- Amazon reportedly prepping Web TV product for March
- Nokia's Here Maps to expand to all Windows 8.1 dev...
- LinkedIn now allows you to block other members
- Supernova secrets seen in X-rays
- 3-D printing 'ink' is way too expensive
- Speculators look to cash in on Bitcoin crisis
- Blackberry boss 'outrage' at T-Mobile iPhone offer
- Malware makers 'tailor' Android threats geographic...
- Microsoft to sell $25 Xbox One Media Remote in March
- Libon to IM friends for free, even if they don't h...
- Yandex suite of free Android tools sidesteps Google
- Microsoft relaunches Office Web Apps as Office Online
- Apple eyes smart magnets to attach accessories to ...
- Another HTC One 2 leak shows new colors for handse...
- The not-so-secret appeal of Snapchat's fleeting st...
- Radiation-free cancer scans may be on the horizon
- Kazam Thunder 2 brings lightning-fast 4G LTE
- Compact, budget Liquid Z4 phone hopes to make a bi...
-
▼
February
(
214
)
Copyright © 2014 Harry Jacks All Rights Reserved. Powered by Blogger.
About Me
Copyright Text
Copyright © 2014 Harry Jacks
All Rights Reserved
All Rights Reserved
0 comments :
Post a Comment