Flaw in iOS allows someone to track everything you do on an iPhone

25 Feb 2014

A flaw in Apple’s iPhone operating system allows an outsider to track every action the user makes on the smartphone, a team of researchers have discovered.

The report published by FireEye reveals the flaw exists on Apple’s iOS versions 7.0.4, 7.0.5, and 7.0.6, as well as the older 6.1.x.

By installing an app that easily bypasses the App Store’s verification process, the FireEye team was able to use this app to take advantage of the iPhone’s multi-tasking programming to track a user’s every touch of the iPhone’s keypad, something which could give a thief the ability to figure out a user’s PIN code.

In its blog post, the team explained to iPhone users with these version of the OS, how to protect themselves until Apple can directly address the problems. “Before Apple fixes this issue, the only way for iOS users to avoid this security risk is to use the iOS task manager to stop the apps from running in the background to prevent potential background monitoring.

“(The) iOS7 users can press the Home button twice to enter the task manager and see preview screens of apps opened, and then swipe an app up and out of preview to disable unnecessary or suspicious applications running on the background.”

It hasn’t been a good start to the week for Apple and its iOS, as it was only recently discovered that its software failed to address a massive flaw in the system which, through a small piece of code, would be able to bypass basic encryption, dubbed ‘gotofail’, which is used on many websites to prevent users accessing other users’ passwords and any other data which may be harmful in the wrong hands.

Colm Gorey was a senior journalist with Silicon Republic