Hackers have found a sneaky new way to spy on iPhone users — here’s how

One of the many reasons people decide to go with one of the best iPhones over their Android counterparts is due to security. However, as iPhones are known for being less prone to hacking, this also makes them the perfect target for hackers and other cybercriminals.

Now though, it appears that hackers have figured out a clever way to bypass Apple’s security checks through the use of third-party custom keyboards that let them spy on iPhone users.

According to a new report from security researcher Russell Kent-Payne at Certo Software, this new attack method uses malicious keyboards to record private messages, browsing history and even passwords from unsuspecting iPhone users.

Certo decided to look into the matter after the cybersecurity firm received multiple reports of cyberstalking incidents in which the stalkers appeared to know everything that their target had typed into their iPhone. Following its investigation, malicious third-party keyboards were found on all of the affected devices.

Whether you use an iPhone with a third-party keyboard yourself or are worried about being spied on, here’s everything you need to know about this new threat including steps you can take to protect yourself.

Abusing TestFlight to install custom keyboards

A image depicting the stock iPhone keyboard next to a malicious one

The default iOS keyboard can be seen on the left while a custom keyboard that works as a keylogger is pictured on the right. (Image credit: Certo Software/Tom’s Guide)

Normally when it comes to spying on iPhone users, an attacker would need to jailbreak a target’s device or gain access to their iCloud account. What sets this new attack apart though, is that it doesn’t rely on either of these methods to spy on iPhone users.

Although they’re not normally dangerous, this attack weaponized third-party keyboards by using malicious ones to serve as keyloggers on vulnerable devices. From here, a hacker can discreetly capture and transmit all of the keystrokes an iPhone user makes on their device.

While Certo didn’t go into all of the nitty gritty details about this attack to avoid providing other hackers with a blueprint, it did explain how it works. To reach potential victims, the hackers behind this campaign are abusing Apple’s own TestFlight…

Source…