Apple's iOS platform is facing more security woes after researchers found a flaw that could let apps grab touchscreen impressions, even on non-jailbroken devices.
Security firm FireEye reported the findings in a blog post earlier this week, and demonstrated a proof-of-concept app that can measure touch interactions, including those on the Touch ID fingerprint scanner, which led to key-logging concerns.
"FireEye mobile security researchers have discovered [a] vulnerability, and found approaches to bypass Apple's app review process effectively and exploit non-jailbroken iOS 7 successfully. We have been collaborating with Apple on this issue," it said in a blog post.
"We have created a proof-of-concept 'monitoring' app on non-jailbroken iOS 7.0.x devices. This 'monitoring' app can record all the user touch/press events in the background, including, touches on the screen, home button press, volume button press and Touch ID press, and then this app can send all user events to any remote server."
Malicious users could exploit the flaw – which the researchers said is present in iOS versions 7.0.4, 7.0.5, 7.0.6 and 6.1.x – by phishing a victim into loading a blighted or malicious app, after which they would be able to begin background monitoring.
V3 contacted Apple for comment on the flaw but had received no reply at the time of publication. Until a fix is released, FireEye advised to keep an eye on what apps you use and which ones you allow to continue running in the background.
"iOS 7 users can press the home button twice to enter the task manager and see preview screens of apps opened, and then swipe an app up and out of preview to disable unnecessary or suspicious applications running in the background," advised FireEye.
The warning comes soon after Apple was forced to issue a quick fix for iOS after it realised that a coding error on the platform meant Secure Sockets Layer (SSL) technology was effectively redundant on devices.
Apple was slower to release a fix for this on its Mac OS X platform, although this did eventually arrive on Tuesday evening.
RAND claims AI could enhance strategic stability by improving accuracy in intelligence collection and analysis
How NoSQL database technology and IoT sensors are being put to work saving endangered elephants and tigers
MarkLogic's David Northmore reveals how Dutch social enterprise Sensing Clues is using the latest technology to track poachers and protect endangered species
TSB IT fiasco has "all the hallmarks of an IT meltdown", claims Treasury Committee chair Nicky Morgan MP
The first appeals over Apple's Irish taxes will take place in the autumn, confirms Ireland's finance minister