While iPhones are renowned for their security due to a closed operating system and frequent security updates, a recent discovery by researchers at the UK-based cybersecurity firm Certo unveils a new hacking technique. Cybercriminals are employing third-party custom keyboards to circumvent Apple’s standard security checks, potentially compromising the security of users’ iPhone activities, despite regular security patches.
Once a malicious keyboard is installed on an iPhone, hackers can illicitly obtain access to every keystroke on the victim’s device. This unauthorized access enables them to pilfer private messages, browsing history, and even passwords from users.
What renders this hacking technique particularly hazardous?
Monitoring an iPhone is typically challenging, necessitating either jailbreaking the target’s smartphone or accessing their iCloud account. However, this novel method is notably perilous as it operates independently of these conventional prerequisites. Compatible with all iPhone models, the latest technique utilizes an existing feature within the iOS system, eliminating the need for specialized technical skills.
Custom keyboards on iOS are frequently employed to enhance grammar, facilitate translations, or introduce new emojis. Yet, when configured in a specific way, these custom keyboards can clandestinely operate as keyloggers. In this capacity, they covertly record and transmit every keystroke made by the user, granting hackers comprehensive access to the typed information.
The role of these custom keyboards in aiding hackers
Hackers install a compact app with an integrated custom keyboard onto the targeted device. The investigation report asserts that the developers of spyware frequently distribute these apps through the TestFlight platform. TestFlight is primarily employed for testing new iOS apps before their official release on the App Store.
The spyware developers are likely using TestFlight to elude detection by Apple. It’s crucial to emphasize that TestFlight apps do not undergo the same rigorous review process as apps in the primary App Store. Therefore, an app that appears harmless could potentially serve as a conduit for introducing a keylogger.
After installation on the iPhone, the attacker activates the custom keyboard through the Settings app, configuring it to possess ‘Full Access’ to the device. Subsequently, the assailant substitutes the iPhone’s default keyboard with this customized version. The appearance of these keyboards is nearly indistinguishable.
The nefarious keyboard systematically records every input made by the victim on their iPhone and transmits the data to an online portal, accessible by the hacker from any location worldwide.
The gathered information may encompass private messages, passwords, two-factor authentication codes, notes, and essentially any text input within any app on an iPhone.
How users can discern if they are under attack
The optimal method for users to ascertain if they are impacted is by examining the installed keyboards in their device’s Settings app. To perform this check, navigate to Settings > General > Keyboard > Keyboards.
In this section, users will observe only two standard keyboards, such as ‘English (US)’ and another labeled ‘Emoji’. Any additional keyboard may raise suspicion, particularly if it has ‘Allow Full Access’ enabled.
If users come across an unfamiliar keyboard, it is advisable to promptly remove it. To eliminate unrecognized custom keyboards on iPhones, users should tap Edit, choose the red minus button alongside any unfamiliar keyboard, and then select the Delete option.