Hackers Bypass Apple Security with Keystroke-Stealing Keyboards

In the ever-evolving landscape of cyber threats, a new and disturbing method of iPhone hacking has emerged, catching both users and cybersecurity experts off-guard. This technique, leveraging third-party custom keyboards, represents a significant shift in how attackers can bypass Apple’s renowned security measures to gain intimate access to a user’s personal data.

These custom keyboards, normally installed to enhance typing with features such as grammar correction or extra emoji, have now been weaponized. Cybercriminals are exploiting these keyboards’ capabilities to function covertly as keyloggers, capturing every keystroke made by the user. This includes sensitive data like private messages, browsing history, and passwords, turning these keyboards into a goldmine for hackers.


These hacking tools pose a significant threat in domestic tech abuse scenarios. In such cases, an abuser can easily install these malicious keyboards on a partner’s device, enabling them to monitor and control their victim’s digital interactions. Certo Software’s investigations into cyberstalking incidents revealed the use of these custom keyboards, underscoring the urgency to address this issue.

The process of installing these malicious keyboards is worryingly straightforward. Often distributed through platforms like TestFlight, which bypasses the rigorous screening of the App Store, these spyware-laden keyboards can be installed with just a few taps. Once set as the default input method, they are virtually indistinguishable from standard keyboards, silently recording and transmitting every keystroke to a remote server accessible to the perpetrator.

Identifying these covert keyloggers is challenging, as they often mimic the appearance of standard keyboards. The best defense is proactive checking of installed keyboards in the device’s settings. Any keyboard beyond the standard language and emoji keyboards, especially those with ‘Full Access’ permissions, should be viewed with suspicion and removed if unrecognized.

This new hacking method highlights a critical gap in current security practices. Recommendations include notifying users when a new keyboard with ‘Full Access’ is installed, akin to WhatsApp’s alert system for new device connections. Additionally, more stringent checks for TestFlight app submissions, particularly those with embedded custom keyboards, could significantly reduce the risk of these apps being misused by hackers.
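One way a reviewer or MDM administrator could apply the stricter check suggested above to an app package before it reaches a device. This is an added example, not code from the article or from Certo Software. It relies on Apple's extension `Info.plist` keys `NSExtensionPointIdentifier` and `RequestsOpenAccess` (the key behind the "Full Access" switch), which the article does not name; the sample IPA and its bundle identifiers are constructed.

```python
import io
import plistlib
import zipfile

# Extension point identifier iOS uses for custom keyboard extensions.
KEYBOARD_POINT = "com.apple.keyboard-service"

def audit_keyboards(ipa_bytes):
    """Return [(appex_path, bundle_id, requests_full_access)] for keyboard extensions."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for name in ipa.namelist():
            # Extensions live at Payload/<App>.app/PlugIns/<Name>.appex/Info.plist
            if "/PlugIns/" not in name or not name.endswith(".appex/Info.plist"):
                continue
            try:
                info = plistlib.loads(ipa.read(name))  # handles XML and binary plists
            except Exception:
                continue  # unreadable plist: skip rather than abort the audit
            ext = info.get("NSExtension", {}) if isinstance(info, dict) else {}
            if ext.get("NSExtensionPointIdentifier") != KEYBOARD_POINT:
                continue
            # RequestsOpenAccess = true means the keyboard asks for "Full Access".
            attrs = ext.get("NSExtensionAttributes", {})
            full = attrs.get("RequestsOpenAccess") is True
            bundle_id = info.get("CFBundleIdentifier", "?")
            findings.append((name.rsplit("/", 1)[0], bundle_id, full))
    return findings

def build_sample_ipa():
    """Constructed sample: a keyboard extension asking for Full Access plus a share extension."""
    def ext_plist(bundle_id, point, attrs):
        return plistlib.dumps({
            "CFBundleIdentifier": bundle_id,
            "NSExtension": {"NSExtensionPointIdentifier": point,
                            "NSExtensionAttributes": attrs}})
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist",
                   plistlib.dumps({"CFBundleIdentifier": "com.example.demo"}))
        z.writestr("Payload/Demo.app/PlugIns/Keys.appex/Info.plist",
                   ext_plist("com.example.demo.keys", KEYBOARD_POINT, {"RequestsOpenAccess": True}))
        z.writestr("Payload/Demo.app/PlugIns/Share.appex/Info.plist",
                   ext_plist("com.example.demo.share", "com.apple.share-services", {}))
    return buf.getvalue()

if __name__ == "__main__":
    for path, bundle_id, full in audit_keyboards(build_sample_ipa()):
        print("REVIEW" if full else "note", bundle_id, path, "full_access=%s" % full)
```

A keyboard extension that requests Full Access is not malicious by itself; the result is a list of packages that warrant manual review.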

The emergence of keyboard-based iPhone hacking is a stark reminder of the need for constant vigilance in the digital age. As cyber threats evolve, so must our awareness and defensive strategies. This situation underscores the importance for users to regularly review their device settings and for companies like Apple to continually enhance security measures to protect against such insidious threats.