Click to Skip Ad
Closing in...
  1. Prime Day Deals
    11:01 Deals

    Check these early Prime Day deals with prices so low, it’s like Amazon made a mistak…

  2. Mattress Topper Amazon
    14:44 Deals

    33,000 Amazon shoppers say this mattress topper deserves 5 stars – today it’s…

  3. Amazon Deals
    10:42 Deals

    Today’s best deals: Free $25 from Amazon, $600 projector for $230, $8 wireless charg…

  4. Prime Day Deals
    10:03 Deals

    Prime Day starts Monday – but these amazing Prime Day deals start now

  5. Best Smart Home Devices 2021
    08:45 Deals

    10 smart home devices on Amazon you’ll wonder how you ever lived without

Scary iPhone malware can spy on you even after you close infected apps

August 27th, 2015 at 2:07 PM
iPhone iOS 8 Ins0mnia Malware

A rather scary piece of iPhone malware would let an attacker spy on a target using an approved App Store app without the person’s knowledge. In fact, the malware app could continue to gather data for the hackers — or for a spy agency — even after the infected app is closed by the user. Apple apparently fixed this huge vulnerability beginning with iOS 8.4.1, but earlier iOS builds are still affected.

DON’T MISS: New free iPhone app will change the way you use email – watch the video if you don’t believe us

If you stop using an app and minimize it to the background, the app stops working after about three minutes to save processor power and thus battery life. But the Ins0mnia bug, discovered by security researchers at FireEye, will keep the app operating even when Apple’s operating system suspends it.

Using this Ins0mnia bug, hackers would be able to fool iOS into thinking that the app is being debugged, which would skirt iOS’s protocols. The app would then keep transmitting data to a third party. Even worse, the app keeps working even if the user decides to quit all apps running on the iPhone from the app switcher UI.

The security team explained in a blog post that Apple’s measures are also meant to prevent eavesdropping features. “A music app may have legitimate reason to ask permission to access GPS location and microphone while working in the foreground, but few users would want the app to run in the background and continually monitor GPS locations and record audio,” the company wrote. “The control by iOS is supposed to prevent such abuse of permissions.”

As The Register points out, that example seems to apply to a what-if scenario related to Spotify. The popular music service updated its privacy settings last week with wording that appeared to suggest it wanted to gather user data without the user having the chance of opting out, and many users were upset by the new terms of service.

The researchers also say that an app taking advantage of this particular iOS flaw could have had “a high high probability of passing the Apple Store review, making it a rare loophole for an attacker to distribute malware within Apple’s walled garden.”

It’s not clear what apps, if any, actually took advantage of this security vulnerability.

Chris Smith started writing about gadgets as a hobby, and before he knew it he was sharing his views on tech stuff with readers around the world. Whenever he's not writing about gadgets he miserably fails to stay away from them, although he desperately tries. But that's not necessarily a bad thing.

Popular News