Developer warns of yet another big iPhone security flaw

Zach Epstein

September 25, 2014 at 1:40 PM

iOS 8 is still causing big headaches in unexpected places

Apple really isn’t having a good week. Things started out well enough when Apple revealed on Monday morning that more than 10 million combined iPhone 6 and iPhone 6 Plus handset were sold during their debut weekend. Then came “Bendgate.” And iOS 8.0.1. And the revelation that Apple is entirely at fault for the huge nude celebrity photo leak. Piling on top of this growing list is a blog post from app developer Craig Hockenberry, who reveals a big and potentially frightening security issue in iOS 8 and earlier versions of Apple’s mobile software.

FROM EARLIER: It’s Apple’s fault that the world has seen naked photos of Jennifer Lawrence

Hockenberry, one of the developers who helped build the popular app Twitterrific, has posted at length about a serious security issue that affects all iOS devices.

The gist of the issue is this: in-app browsers in third-party iOS apps have the ability to log keystrokes as they’re typed. In other words, when a browser window pops up in an app to let you log into a service like Google, Facebook or Twitter, it’s possible that your login details can be stolen. Worse yet, credit card data or bank login details can be stolen if entered in a browser window in a third-party app.

A few notes about the above video from Hockenberry:

The information at the top of the screen is generated by the app, not the web page. This information could easily be uploaded to remote server.
This is not phishing: the site shown is the actual Twitter website. This technique can be applied to any site that has a input form. All the attacker needs to know can easily be obtained by viewing the public facing HTML on the site.
The app is stealing your username and password by watching what you type on the site. There’s nothing the site owner can do about this, since the web view has control over JavaScript that runs in the browser.

For more on this issue, head over to Hockenberry’s blog, which is linked below in the source section.

This article was originally published on BGR.com

News

Life

Entertainment

Finance

Sports

New on Yahoo

Developer warns of yet another big iPhone security flaw

Recommended Stories

Former MLB infielder, Little League World Series star Sean Burroughs dies at 43

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

The best RBs for 2024 fantasy football, according to our experts

Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’

The FDIC change that leaves wealthy bank depositors with less protection

Which pickup trucks get the best fuel economy? Here are the tops for gas mileage (or diesel)

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Former NBA guard Darius Morris dies at 33

Golf’s moment of truth is here, and the sport is badly flailing

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

How rich homebuyers are avoiding high mortgage rates

2024 Fantasy Football Mock Draft, 1.0

Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1

Yahoo Fantasy staff's Mock Draft 1.0: Shocking picks are plentiful

The best budgeting apps for 2024

Caitlin Clark catches fire from 3 in WNBA preseason; Arike Ogunbowale's late heroics send Wings past Fever

Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from

Mortgage rates drop for the first time in five weeks with experts adjusting their forecasts

Recession-proof stocks are leading the market's latest leg higher

Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing