A vulnerability has been discovered that makes it possible to record and monitor which buttons are pressed on an iPhone or iPad, and it has been shown that an application abusing it can be created


By Bassem Tamimi

FireEye, a company that provides countermeasure tools against malware and similar threats, has discovered that "the behavior of users can be monitored from the background", a vulnerability that has not been corrected in "iOS 7.0.6", released on February 21, 2014. The company also created an application that demonstrates the issue, and has published the results along with the self-defense measures that are available at the moment.

Background Monitoring on Non-Jailbroken iOS 7 Devices - and a Mitigation | FireEye Blog
http://www.fireeye.com/blog/technical/2014/02/background-monitoring-on-non-jailbroken-ios-7-devices-and-a-mitigation.html


FireEye researchers created a proof-of-concept application that can monitor devices running iOS 7 and tested it. The application records touches and presses of the touch screen, Home button, volume buttons and Touch ID in the background, and can send the recorded user activity to a remote server.


Vulnerabilities that enable unauthorized monitoring from the background have been discovered on jailbroken iOS devices, but this test demonstrates that unauthorized monitoring from the background is also possible on iOS devices that have not been jailbroken. The monitoring application was shown to work in the same way on iOS 7.0.4, 7.0.5, 7.0.6 and 6.1.x.

Unnecessary background activity by applications can be prevented by turning off the iOS 7 "Background App Refresh" feature. However, music applications can play music in the background whether this setting is on or off, so a monitoring application disguised as a music app can keep monitoring constantly regardless of the setting.


According to FireEye, the "Task Manager" is effective for avoiding the vulnerability. Just press the Home button twice and slide unnecessary applications upward to close them completely. Up to three applications can be slid at the same time. Until the vulnerability is officially fixed, it is safe to make a habit of closing unnecessary applications.

in Mobile, Software, Posted by darkhorse_log