Another iOS Security Flaw Discovered
Hot on the heels of news regarding major security exploits found in Apple’s iOS and OSX operating systems, it seems that iPhone users are still vulnerable to attacks. Even though the aforementioned security hole was filled this week, this new exploit—which could allow hackers to monitor iOS 7 devices via a background monitoring app—has yet to be fixed by Apple, though apparently the company is currently working on a solution with mobile security firm FireEye, who posted a report on the issue two days ago.
According to the report, FireEye found that both jailbroken and non-jailbroken iOS devices are vulnerable to background monitoring apps that can find their way onto devices without the users’ knowledge. Such apps can record the different screens a user loads on the device—and, worse, can log the touches and key-presses a user inputs, meaning that passwords or unlock codes are ripe for the picking.
FireEye proved the exploit’s existence by creating its own proof-of-concept “monitoring” app that does everything described above, and successfully found vulnerabilities in iOS versions 7.0.5, 7.0.6, and 6.1.x. As of now, there’s no fix for the exploit. So what should concerned users do?
The report recommends taking advantage of the iPhone’s task manager, which can be accessed by pressing the Home button twice. From there, users can “see preview screens of apps opened, and then swipe an app up and out of preview to disable unnecessary or suspicious applications running on the background.” While iOS7 has a built in functionality that kills idle apps running in the background, the report says that this “background app refresh” function can be bypassed, so it’s best to just hit the task manager often.
What’s the upshot here? If it wasn’t clear already, it’s that Apple products are no safer than non-Apple products. That’s a myth that goes way back to the early days of the PC-Mac rivalry, in which Mac fans would boast that Apple computers were safer. The myth persists into the iOS vs. Android debate, largely because iOS apps are curated while Android apps are easier to download and install to your phone.
In the end, as Apple products adoption numbers rise, so too does the potential for malicious software to invade. That little Apple logo may mean you’ve got one of the cooler gadgets around, but don’t let it lull you into a false sense of security.