New iPhone Security Threat Lets Hackers Record Every Word You Type
British cybersecurity company Certo Software just detailed how keyboard-based iPhone spyware are on the rise. iOS is normally quite well-protected from security intrusions due to its more walled-off ecosystem. In fact, privacy and security is something Apple touts in pretty much all its launch events, but cybercriminals might have found a chink in the armor.
With apps on the App Store being under tight scrutiny, normally requiring a deep vetting process before being available for download, hackers have found a new way of installing malicious keyboards to spy on people's iPhone activity. Basically once installed, the keyboards record every single thing the user types, which include messages, URLs, passwords, bank account information, and so on.
Traditionally, hackers were only able to install spyware on some kind of compromised iPhone (either one that's jailbroken or via access to the victim's iCloud account). Certo reports a new technique that uses TestFlight—a testing platform used by developers to test new iOS apps. Since TestFlight is NOT subjected to Apple's strict review process for apps in the App Store, all cybercriminals have to do is covertly install a small container app through TestFlight onto a victim's iPhone after which keylogging keyboards can be deployed.
To find out if your device is affected by this security threat, head over to Settings > General > Keyboard > Keyboards. There are normally two standard keyboards, one in your language (e.g. "English (US)") and the other would be "Emoji." If there's a third keyboard that you're quite certain you didn't install (especially one that has "Allow Full Access" activated), you need to delete it by tapping Edit, tapping the red minus icon, and then tapping Delete.
