On December 4th (local time), the British cybersecurity firm Certo Software reported a new method of hacking iPhones. The technique involves installing a keyboard app to monitor iPhone activity, prompting the firm to recommend that users regularly check their keyboard settings.
What are the traditional methods of iPhone hacking?
Typical iPhone hacking targets jailbroken iPhones. Jailbreaking is the act of removing restrictions imposed by the iPhone operating system. While jailbreaking allows the use of software that is not supported by the Apple App Store, it also decreases security.
Hackers also steal iCloud accounts. To get around the iPhone's security, which is stronger than Android's, hackers steal Apple IDs and passwords to gain access to users' iCloud accounts. Since most users link various services to their iCloud, hackers can easily steal contact information, photos, notes, email information, etc.
How is it possible to install a keyboard without the user’s knowledge?
Left – Apple default keyboard / Right – Hacking keyboard (Source: Certo Software)
However, the recently reported case uses a new method. It involves tricking users into installing a malicious keyboard app that then captures all of the iPhone's input activity. Certo Software did not disclose the detailed method, fearing it could provide a blueprint for other hackers. However, the firm warned that the method relies on features provided by the iOS system and can easily be applied to all iPhone models.
How is the keyboard app installed? This is done using the ‘TestFlight’ platform. TestFlight is a platform that allows for beta testing before an app’s official release. Developers use the platform to distribute pre-release builds and collect feedback, and the review process is simpler than the App Store’s. Hackers exploit this to distribute the app.
Portal where hackers can check what the user has inputted through the keyboard (Source: Certo Software)
Once the app is installed, a hacking keyboard is added to the settings app. The ‘Allow Full Access’ toggle is also automatically enabled. Unbeknownst to the user, they begin to use the hacking keyboard instead of the Apple default keyboard. Aside from a slightly smaller font size, the design is almost identical, making it difficult to notice.
The hacking keyboard acts as a ‘keylogger,’ recording everything the user types into their iPhone. This includes messages, messenger apps, notes, two-factor authentication codes, and even passwords. The information typed into the keyboard is sent to an online portal site that hackers can access from anywhere in the world.
How can you check if you’ve been hacked?
Checking if a keyboard has been installed is simple. Go to Settings app > General > Keyboard and review the list of installed keyboards. By default, only the language keyboard and emoji keyboard should be installed on the iPhone, along with any language keyboards the user has personally installed.
However, if there are other keyboards, it's best to check if you've been hacked. If such a keyboard also has 'Allow Full Access' enabled, there's a high chance that it's a hack. Foreign media suggest that if an unknown keyboard is detected, it should be removed immediately. They also mention that installing a keylogger detection app from the App Store and running a check is another option.
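For analysts who have an app package in hand rather than the phone, the same check can be made against the bundle itself. The following is an added example, not code from Certo Software or the original article: it scans an IPA for keyboard extensions and reports whether each declares `RequestsOpenAccess`, the Info.plist key a keyboard must set before 'Allow Full Access' can be turned on. The sample archive, bundle identifiers and function names are constructed for illustration.

```python
import io
import plistlib
import zipfile

KEYBOARD_POINT = "com.apple.keyboard-service"  # iOS custom-keyboard extension point

def audit_extension(plist_bytes):
    """Return a finding dict for a keyboard extension, or None for anything else."""
    info = plistlib.loads(plist_bytes)  # accepts both XML and binary plists
    ext = info.get("NSExtension", {})
    if ext.get("NSExtensionPointIdentifier") != KEYBOARD_POINT:
        return None
    attrs = ext.get("NSExtensionAttributes", {})
    return {
        "bundle_id": info.get("CFBundleIdentifier", "<missing>"),
        # A keyboard without this key set to true cannot be given Full Access
        "full_access": bool(attrs.get("RequestsOpenAccess", False)),
    }

def scan_ipa(fileobj):
    """Audit every app extension (.appex) inside an IPA archive."""
    findings = []
    with zipfile.ZipFile(fileobj) as ipa:
        for name in ipa.namelist():
            if name.endswith(".appex/Info.plist"):
                finding = audit_extension(ipa.read(name))
                if finding:
                    findings.append(finding)
    return findings

def build_sample_ipa():
    """Constructed sample: a keyboard extension requesting full access and a share extension."""
    def plist(bundle_id, point, attrs):
        return plistlib.dumps({
            "CFBundleIdentifier": bundle_id,
            "NSExtension": {"NSExtensionPointIdentifier": point,
                            "NSExtensionAttributes": attrs},
        })
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/PlugIns/Keys.appex/Info.plist",
                   plist("com.example.demo.keys", KEYBOARD_POINT, {"RequestsOpenAccess": True}))
        z.writestr("Payload/Demo.app/PlugIns/Share.appex/Info.plist",
                   plist("com.example.demo.share", "com.apple.share-services", {}))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(scan_ipa(build_sample_ipa()))
```

A keyboard extension reported with `full_access` set to true is a candidate for closer review, not proof of a keylogger, since legitimate third-party keyboards request the same permission.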
Certo Software argues that Apple needs to strengthen its security measures to prevent keyboard hacking. It can be prevented by a simple method: sending a notification to the user every time a keyboard with ‘Allow Full Access’ enabled is newly installed.
The popular American messenger app WhatsApp sends push notifications to users every time a new device is connected to prevent unknown devices from connecting to the account.
Another method is to strengthen the security of the TestFlight app to the same level as the App Store. It seems safer for Apple to block malicious apps in advance rather than having the users identify them themselves.
However, this is just a hypothesis. Apple has not made a separate statement about the hacking keyboard. IT media outlet BGR explained that even if Apple introduces a new security process, hackers are likely to find a new method. Ultimately, the outlet said, the key to security is for users to check carefully for safety when downloading apps or visiting websites.
By Ha Young Kim