Background Monitoring on Non-Jailbroken iOS 7 Devices

We have created a proof-of-concept “monitoring” app on non-jailbroken iOS 7.0.x devices. This “monitoring” app can record all the user touch/press events in the background, including touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server, as shown in Fig. 1. Potential attackers can use such information to reconstruct every character the victim inputs.

via Background Monitoring on Non-Jailbroken iOS 7 Devices — and a Mitigation | FireEye Blog.

Before Apple fixes this issue, the only way for iOS users to avoid this security risk is to use the iOS task manager to stop the apps from running in the background to prevent potential background monitoring.

Yikes! This might be a problem for Android devices as well. I have noticed that, since a device stays on 24/7, resident apps can build up in the background because, even though you think you closed an app, it sometimes doesn’t actually close (as in terminate) until its icon is touched to activate. The proof of concept above got this “keylogger” through Apple’s App Store, which is pretty remarkable.

On Covert Acoustical Mesh Networks in Air

Different applications of covert acoustical mesh networks are presented, including the use for remote keylogging over multiple hops. It is shown that the concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered. Finally, countermeasures against covert acoustical mesh networks are discussed, including the use of lowpass filtering in computing systems and a host-based intrusion detection system for analyzing audio input and output in order to detect any irregularities.

via On Covert Acoustical Mesh Networks in Air – Volume 8, No. 11, November 2013 – Journal of Communications.
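The two countermeasures named in the abstract, lowpass filtering and a host-based check on audio for irregularities, can be sketched in a few dozen lines. The following is an added example and is not code from the paper or its authors; the signal, sample rate, 17 kHz "near-ultrasonic" cutoff, 8 kHz lowpass corner and the 20% energy threshold are all constructed assumptions for illustration. It measures what fraction of a 10 ms audio frame's energy sits above the cutoff, flags frames where that fraction is high, and shows that a simple two-stage lowpass filter applied to the same frame drops it back under the threshold.

```python
import math

SAMPLE_RATE = 48_000   # Hz; assumed, typical for laptop audio hardware
FRAME = 480            # 10 ms analysis window -> 100 Hz per DFT bin
CUTOFF_HZ = 17_000     # assumed boundary: energy above this is near-ultrasonic, outside speech/music
THRESHOLD = 0.2        # assumed: flag a frame if >20% of its energy is above CUTOFF_HZ


def synth(freqs, n=FRAME, rate=SAMPLE_RATE):
    """Constructed test signal: a sum of unit-amplitude sines at the given frequencies."""
    return [sum(math.sin(2 * math.pi * f * i / rate) for f in freqs) for i in range(n)]


def power_spectrum(x):
    """Naive DFT magnitude-squared for bins 0..N/2 (pure Python; fine for a 480-sample frame)."""
    n = len(x)
    spec = []
    for k in range(n // 2 + 1):
        re = sum(x[i] * math.cos(2 * math.pi * k * i / n) for i in range(n))
        im = -sum(x[i] * math.sin(2 * math.pi * k * i / n) for i in range(n))
        spec.append(re * re + im * im)
    return spec


def ultrasonic_fraction(x, rate=SAMPLE_RATE, cutoff=CUTOFF_HZ):
    """Fraction of the frame's (non-DC) energy that lies at or above the cutoff frequency."""
    spec = power_spectrum(x)
    bin_hz = rate / len(x)
    total = sum(spec[1:])  # skip the DC bin
    high = sum(p for k, p in enumerate(spec) if k * bin_hz >= cutoff)
    return high / total if total else 0.0


def is_suspicious(x, threshold=THRESHOLD):
    """Host-side check: a frame dominated by energy above the cutoff is an irregularity worth alerting on."""
    return ultrasonic_fraction(x) > threshold


def lowpass(x, cutoff_hz=8_000, rate=SAMPLE_RATE, stages=2):
    """Two cascaded first-order IIR lowpass stages (RC-style), corner at cutoff_hz.

    Each stage is y[n] = y[n-1] + alpha * (x[n] - y[n-1]); two stages give roughly
    -18 dB at 18 kHz for an 8 kHz corner while leaving 1 kHz content almost untouched.
    """
    rc = 1.0 / (2 * math.pi * cutoff_hz)
    dt = 1.0 / rate
    alpha = dt / (rc + dt)
    y = list(x)
    for _ in range(stages):
        out, prev = [], 0.0
        for s in y:
            prev = prev + alpha * (s - prev)
            out.append(prev)
        y = out
    return y


if __name__ == "__main__":
    speech_like = synth([1_000])            # constructed: a tone in the speech band
    covert = synth([1_000, 18_000])         # constructed: same tone plus a near-ultrasonic carrier
    for name, frame in [("speech-like", speech_like), ("covert", covert), ("covert+lowpass", lowpass(covert))]:
        print(f"{name:15s} ultrasonic fraction={ultrasonic_fraction(frame):.3f} suspicious={is_suspicious(frame)}")
```

A real deployment would run this over the microphone input and the speaker output streams continuously, use an FFT library rather than the naive DFT, and tune the cutoff and threshold to the hardware's actual passband; the point here is only that both the detection check and the filtering countermeasure are cheap to implement.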

Popular RATs Found Riddled With Bugs, Weak Crypto

The researchers, in conjunction with their research paper (PDF), released tools for decrypting RAT traffic and proof-of-concept exploits for the bugs they found. They found that the tools include weak, or no, encryption: Bandook, for example, uses obfuscation, not encryption, to protect its traffic between the victim’s machine and the C&C server.

via Popular RATs Found Riddled With Bugs, Weak Crypto – Dark Reading.

“A good understanding of their protocols is critical to network and system administrators deploying tools that can notice the presence of a RAT,” they said.

RAT = Remote Administration Tool (also expanded as Remote Access Trojan), a tool used by the bad guys to snoop on a victim. From the victim’s point of view this is more commonly referred to as a trojan.