Home Another iOS 7 Bug: This One Could Let Somebody Secretly Track You

Another iOS 7 Bug: This One Could Let Somebody Secretly Track You

Researchers have discovered a new security flaw in iOS 7 that could allow a malicious app to monitor and track a user’s touch and button inputs while quietly running in the background. The flaw, according to research firm FireEye, buries itself in the multitasking functionality of iOS and automatically transmits all user inputs to a remote server.

See also: Apple’s iOS 7.1 Update Can’t Come Too Soon, Because The Bugs Are Piling Up

To demonstrate the new security exploit, FireEye’s researchers created a proof-of-concept monitoring app and installed it on a device running iOS 7, effectively bypassing Apple’s App Store review process. Once installed, the app was able to track all kinds of user inputs, from the keyboard to the volume and power buttons to Touch ID verification events—even screen touches were tracked with precise coordinates.

News of the security bug arrives less than a week after Apple was forced to respond to another major vulnerability involving the way iPhones, iPads and Macs securely connect to websites via Wi-Fi or cellular. The flaw would have allowed malicious hackers to capture and modify supposedly safe data from Apple’s Safari browser. The issue has been fixed for iPhones and iPads running iOS 6 or 7, but Apple is still planning to release a fix for Mac computers running OS X “very soon.”

Exterminating The Bugs

Apple issued an urgent fix for last week’s security flaw—iOS 7.0.6—but this week’s exploit affects all current non-jailbroken versions of iOS, including iOS 7 and iOS 6.1.x.

The only way for users to fix this issue before Apple does, according to the researchers, is to manually remove open apps from the multitasking bar, which appears with two consecutive presses of the home button. Once you open the multitasking manager, simply swipe the preview screens of the open apps to the top of the screen to close them. Apple also has a setting called “Background App Refresh,” which disallows applications from updating themselves while not in use, but FireEye said this setting could not disable the malicious code from logging data.

FireEye said it’s working with Apple to fix the issue, but Cupertino has yet to publicly confirm the new security bug. I’ve reached out to Apple and I’ll update this story as soon as I learn more.

In the meantime, we’re still waiting on iOS 7.1, which will reportedly release in March with a number of visual improvements and fixes for exploits, battery issues and sudden shutdowns.

Lead image by Reuters; right image courtesy of FireEye

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.