According to cybersecurity company Certo Software, hackers sought to bypass Apple’s strict security controls to steal user data through TestFlight.
A user is using iPhone for texting. Photo: BAPT
Developers are provided by Apple with a separate area, called TeetFlight, to test applications before posting them to the App Store. Here, developers can upload unfinished apps, then send links to specific testers. Test users will use the entire application or some features in it, then give feedback to perfect the product.
However, hackers have taken advantage of this function to trick into installing keyloggers, a type of malware used to record keystrokes, without the user’s knowledge. According to Certo Software, bad guys will disguise the keylogger in a small application, using the TestFlight tool to bypass Apple’s security tests.
Finally, they will send the link of the pre-installed malicious application to the target user via email, text message or other tools. When installing the app, the iPhone will automatically install a keylogger without the phone owner’s knowledge.
When the keylogger is successfully installed, it will automatically switch Apple’s default keyboard to the new keyboard. Because it is designed with the same interface as Apple’s keyboard, users may not notice the difference. From this fake software, hackers can record all keyboard inputs, such as bank accounts and social networks, and send them to a remote server.
According to Certo Software, the way to check if your iPhone has a keylogger is to go to Settings > General > Keyboard > Keyboards > Edit > delete installed keyboards if you feel suspicious.
In addition, users should not download applications from unknown or unreliable sources, only download applications from the official App Store or from reputable developers. If you use TestFlight to test the application, you should carefully read the application description and reviews before installing. Do not grant access to any custom keyboard that you do not feel confident with.
Apple has not commented on Certo Software’s research results.
Bao Lam (according to Fox News )
EN 
VI
Leave a Reply
You must be logged in to post a comment.