IPhone, and iPad device exposes a new vulnerability that tracks users’ every action with background monitoring. According to FireEye security research, the exploit targets IOS multitasking abilities and catches user inputs. Security researchers at FireEye created a proof =of-concept monitoring app for non-jailbroken IOS 7 device.
FireEye has discovered an access that avoids Apple’s application review process efficiently and could exploit non- jailbroken IOS 7 successfully. Below is an image of background monitoring, which is actually a keylogger Trojan that allows hackers to monitor user’s action on the device like touching the screen, pressing home and volume button and sends all accumulated events to a remote server.
Potential hacker can use such collected information and reconstructs every character or input made by user. FireEye declared that the same vulnerability is also remained in other versions like 7.0.5, 7.0.6, and 6.1.x. Hackers can mislead the user by phishing activity and could install a malicious app.
However, apple device has facility of background app refresh, but hackers can ignore it when they enter a malicious app pretending as a legitimate app to perform background monitoring.
The security firm is working with Apple on this issue but before any update come, the simple way to stop background apps is to use task manger. IOS7 users can tap home button twice to access task manager and can stop running background app.
Before few days, Apple had announced IOS 7.0.6 update that fix SSL vulnerability by restoring validation steps. This vulnerability was prevailed in IOS previous versions like 6.1.5, 7.0.4, and 7.0.5. Such SSL vulnerability ignored SSL verification, and hackers can steal user’s information including username, passwords, and other confidential data.
Thanks to FireEye and it is understood that frequent updates from device manufacturers are so much important to avert further vulnerabilities. In current time, where hackers are daily exploring new techniques to find security gap in Smartphone and other device, it is better to take precautions to avert further disasters.
FireEye has discovered an access that avoids Apple’s application review process efficiently and could exploit non- jailbroken IOS 7 successfully. Below is an image of background monitoring, which is actually a keylogger Trojan that allows hackers to monitor user’s action on the device like touching the screen, pressing home and volume button and sends all accumulated events to a remote server.
Potential hacker can use such collected information and reconstructs every character or input made by user. FireEye declared that the same vulnerability is also remained in other versions like 7.0.5, 7.0.6, and 6.1.x. Hackers can mislead the user by phishing activity and could install a malicious app.
However, apple device has facility of background app refresh, but hackers can ignore it when they enter a malicious app pretending as a legitimate app to perform background monitoring.
The security firm is working with Apple on this issue but before any update come, the simple way to stop background apps is to use task manger. IOS7 users can tap home button twice to access task manager and can stop running background app.
Before few days, Apple had announced IOS 7.0.6 update that fix SSL vulnerability by restoring validation steps. This vulnerability was prevailed in IOS previous versions like 6.1.5, 7.0.4, and 7.0.5. Such SSL vulnerability ignored SSL verification, and hackers can steal user’s information including username, passwords, and other confidential data.
Thanks to FireEye and it is understood that frequent updates from device manufacturers are so much important to avert further vulnerabilities. In current time, where hackers are daily exploring new techniques to find security gap in Smartphone and other device, it is better to take precautions to avert further disasters.
The Post was actually written by Sara Wright - An Internet Marketing Expert at ClickSSL.com