The Daily Caller

A woman poses for a photo illustration with an iPhone as she plays Candy Crush in New York February 18, 2014. King, the Swedish firm behind hit mobile phone game Candy Crush Saga, is planning a U.S. stock market debut which some analysts think could value it at more than $5 billion and herald a flurry of technology company listings this year. REUTERS/Carlo Allegri (UNITED STATES - Tags: BUSINESS SCIENCE TECHNOLOGY) - RTX19278

NEW iPhone security flaw lets hackers record every tap of the screen

A digital security company has discovered another new security flaw in Apple’s iOS iPhone software that allows hackers to record all of a user’s screen taps and log all of their keystrokes.

Network security firm FireEye found the new bug, which allowed researchers to take advantage of the way iPhones run applications in the background to install a “monitoring” application on a standard, non-jailbroken iOS 7.0.4 device.

The monitoring app runs constantly in the background and records “every character the victim inputs,” according to an Ubergizmo report. That includes every tap of the screen — including keyboard strokes — essentially collecting everything an iPhone user does on their device in secret, and transmitting it outside the smartphone into the web-wild.

Though the option exists to disable the “Background App Refresh” in iOS, which would close apps running in the background, the hack also allows the monitoring application to disguise itself as a music app, which would then continue to record data activity.

FireEye has yet to reveal exactly how it was able to install the app on an iPhone, which employs strict programming to prevent this exact form of app sideloading. The firm said the security exploit exists on iOS updates since 7.0.4, and can also be performed on jailbroken devices that have been hacked off a proprietary network like AT&T or Verizon.

Apple has yet to comment on the flaw, the latest in a series of security vulnerabilities exposed since Friday that revealed iPhones, iPads and Macs could be hacked to steal users’ private data — including emails, account logins, and credit card numbers — while connected to public WiFi networks.

FireEye said it is working with Apple to fix the security flaw.

Follow Giuseppe on Twitter