Third-party keyboards could help hackers spy on your iPhone


iPhones are well known for their security, and many people choose to buy iPhones because of that added safety. However, their popularity also makes iPhones appealing targets for hackers and bad actors. Now, hackers have found a way to spy on iPhones by installing third-party keyboards that bypass Apple’s rigorous security checks.

It isn’t completely impossible for malicious code to be served to iPhone customers, but hackers are taking advantage of TestFlight, Apple’s pre-release testing system, which allows app developers to ship unfinished versions of their apps to users. According to a report from Certo Software, hackers are installing third-party keyboards by uploading them to TestFlight.

Once users install the app to test it, the hackers are able to install a custom keyboard that looks just like the iPhone’s default keyboard. From there, the keyboard acts as a keylogger, and logs a ton of the user’s data, including passwords, messages, and more, all without the user ever suspecting it.

Dvorak keyboard enabled on iPhone.
Check your iPhone’s keyboard settings to see which keyboards are installed and active. Image source: Chris Smith, BGR

It’s this use of third-party keyboards to spy on iPhones that could very well lead to some drastic changes in how Apple allows developers to use TestFlight. But, in the meantime, there is something you can do to ensure you aren’t having your information and data logged by a malicious keyboard.

Head over to Settings > General > Keyboard and then navigate down to Keyboards. Here, you’ll be able to see any keyboards you have installed. If you see anything that doesn’t make sense, we recommend deleting it by tapping on the Edit button and then selecting the red minus button to delete the keyboard from your device.

Of course, hackers are bound to find other ways to spy on your iPhone, so make sure you’re always watching what you download and what sites you visit, as just because iPhones are more secure does not make them impossible to hack and…

Source…