fig1

Researchers at security firm FireEye are highlighting an exploit involving iOS’s multitasking architecture to enable a nefarious (or exploited) app to record user touch events, Home Button presses and other events even whilst the app is backgrounded. It has always been theoretically possible for apps to record touch events whilst foregrounded, as the app needs access to the touch input to respond to user events. However, FireEye are demonstrating that this is possible even when the iOS app is not frontmost.

The researchers claim they submitted a proof-of-concept to the App Store, including this covert tracking exploit, and it passed Apple’s approval process. The flaw affects all versions of iOS 7, as well as iOS 6.1. FireEye is in communication with Apple about this security hole, which means that Apple is likely to roll out a fix in an upcoming release.

In the meantime, the only way to protect yourself from this issue is to undertake (the rather impractical) task of consistently removing apps from the iOS 7 multitasking tray, which prevents any background operations from running.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author