New Malware Records Everything You Do on Your iPhone

January 31, 2014 – 5:56 PM

Everyone typically beats up on Android for posing a security risk, with its third-party app stores and Google’s open access policies. But Apple iOS is not entirely above the fray, as a new proof-of-concept (PoC) “screenlogging” malware shows.

Neal Hindocha, a senior security consultant for Trustwave, is planning to demonstrate a PoC malware at the upcoming RSA Conference in San Francisco that goes beyond keylogging to record absolutely every interaction that a person has with his or her iPhone or iPad. It monitors finger-swipes on the touchscreen while taking screenshots, so a criminal would know what the user is doing and with what app.

Parsing that information would be very labor-intensive for a would-be hacker, so the malware is inappropriate for use at scale. But, it could be used for very targeted, small-batch campaigns, such as lifting a specific person’s online banking credentials, or capturing VPN log-in details for corporate espionage purposes. It could even be used to glean log-in details for free Netflix video streaming, or Facebook hijacking – useful for suspicious spouses and concerned parents alike.

The idea was hatched as Trustwave was researching the evolution of financial malware on the Windows platform, Hindocha told Forbes. The finance vertical is beginning to combat keylogging trojans with new types of password approaches, prompting Hindocha to consider corresponding information-capture strategies. Appropriate given the rise of mobile banking, he decided to see how new methods could play out on smart devices.

It records the X and Y axis of a touch on the screen, and then plots the location onto the screenshot. He told Forbes that it can also be programmed to only capture information when users are in a specific app – culling the data a hacker needs to sift through and also improving the targeting capabilities.


You must be logged in to post a comment.