At Eaton & Associates, as a Managed Service Provider (MSP), safeguarding our clients’ digital environments is vital. In recent developments, a concerning security breach affecting iPhone users has come to our attention. One of the reasons individuals choose iPhones is their robust security, which is now being circumvented by a clever cyber-attack.
According to a recent report from Russell Kent-Payne at Certo Software, hackers have devised a cunning method to circumvent Apple’s security measures by employing third-party custom keyboards. These malicious keyboards are being used as tools to spy on unsuspecting iPhone users, compromising their private messages, browsing history, and even passwords.
Certo Software initiated an investigation following multiple reports of cyberstalking incidents where the perpetrators seemed to possess intimate knowledge of the victims’ iPhone activities. The investigation found that malicious third-party keyboards were present on all affected devices.
This attack distinguishes itself from more conventional techniques as it doesn’t require jailbreaking the target’s iPhone or gaining access to their iCloud account. Instead, it leverages third-party keyboards as a keylogger on exploited devices. Hackers discreetly capture and transmit all keystrokes made by an iPhone user through these manipulated keyboards.
The attack abuses Apple’s TestFlight platform, which is normally used for testing iOS apps before they are released on the App Store. By deploying malicious keyboards through TestFlight, hackers can evade Apple’s security scrutiny, as the platform lacks the stringent security checks applied to App Store apps.
To identify whether your iPhone has fallen victim to this security threat, take the following steps:
- Open the Settings app on your iPhone.
- Navigate to General, then Keyboard, and finally Keyboards.
- Observe the list of standard keyboards, typically one in your language and another named “Emoji.”
- If you notice an additional keyboard that you did not install, especially one with “Allow Full Access” enabled, exercise caution.
Should you discover an unrecognized custom keyboard, promptly remove it by:
- Tapping on “Edit.”
- Selecting the red minus button next to any unfamiliar keyboard.
- Tapping “Delete” to eliminate the potential threat.
As your trusted MSP, we remain committed to keeping you informed about emerging threats and assisting you in fortifying your digital defenses against evolving cyber risks. Stay vigilant, and if you have concerns or require further assistance, do not hesitate to reach out to our dedicated support team.