A security firm called FireEye has discovered a new security flaw in iOS which can be exploited by a malicious app to keep track of screen taps as well as log all keystrokes. The test was conducted on a non-jailbroken iOS 7.0.4 device on which a “monitoring” application was installed. FireEye hasn’t revealed exactly how it was able to install the app on the device, given the fact that Apple has strict measures in place that safeguard its mobile devices against sideloading of apps. Its possible to do so on a jailbroken device though.
According to the firm, this security flaw exists in the way iOS handles background applications. So basically the monitoring app runs in the background and spies on “every character the victim inputs,” that would be all screen taps and every keystroke, so essentially everything the victim does on their device is out in the wild. One could disable the Background App Refresh setting, however the malicious app could simply be disguised as a music app, which would continue to monitor activity. The researchers say this flaw exists on iOS 7.0.4 as well as all subsequent incremental updates, even iOS 6.1.x. While Apple hasn’t commented on this flaw as yet, FireEye says that they have been working with Apple on this flaw, so at least the company’s aware of it.