Hackers Bypass Apple's Checks to Deliver Malicious Keyboards Used to Spy on Users: Report

Here's how to identify if your iPhone has been infected with a keyboard designed to spy on you and your online activity — and how to get rid of it.

Written by David Delima | Updated: 8 December 2023 19:00 IST

Hackers Bypass Apple's Checks to Deliver Malicious Keyboards Used to Spy on Users: Report

Photo Credit: Unsplash/ Martin Sanchez

Users can check their smartphone for keyboard-based stalkerware via the Settings app

Highlights

Hackers have found a way to bypass Apple's stringent checks for spyware
The keyboard spyware is distributed via Apple's TestFlight platform
iPhone users must beware of unidentified keyboard apps on their phone

iPhone users could be targeted by malicious keyboards that can bypass Apple's stringent security checks to spy on user activity, according to a report. While apps that are distributed via the App Store are checked by Apple, these third-party keyboards are installed via another avenue that allows developers to test their apps on iOS. Once installed, these keyboards can be used to discreetly spy on a user and collect their sent messages, passwords, browsing history, bank credentials, and any other text entered on the phone.

Security firm Certo Software reports that third-party keyboards are being distributed by hackers as a form of 'stalkerware' — spyware apps or services used to monitor and stalk people online. While it is difficult to distribute these malicious apps via the App Store as Apple scans these apps before they are published, hackers have reportedly begun distributing these apps via TestFlight.

Apple's keyboard (left) compared with the malicious keyboard
Photo Credit: Certo Software

Apple's TestFlight service is an online platform that allows developers to invite people to test out unreleased software or run beta tests of their software, before it is published to the App Store. According to Certo Software, hackers are using the same platform to distribute malicious third-party keyboards to people, which can then be installed on an iPhone belonging to an unsuspecting partner, friend, or family member.

Here's Why You Need to Uninstall These 'SpyLoan' Apps From Your Phone

Once installed, the keyboard requires another setting to be enabled on the target's iPhone that allows third-party keyboards to collect a user's data. By default, no keyboard on iOS is allowed to access the Internet. Once this permission is enabled, the keyboard is able to transmit all keystrokes that are collected — including chat messages, passwords, notes, browsing history, OTP codes, bank credentials, and other information.

A screenshot of one of these keyboards shared by Certo Software illustrates how similar the malicious keyboard appears to Apple's default keyboard, making it difficult for users to identify such apps on their smartphone. Data captured from the phone can be viewed by a stalker via a web portal, according to the firm.

Information captured from a target's phone can be viewed via a web portal
Photo Credit: Certo Software

The security firm points out that Apple could implement a notification system — similar to WhatsApp's new login alert that is shown a few hours later — to notify users when a new keyboard is installed on their smartphone.

How Fake Chrome, Safari Updates Can Infect Your Mac With AMOS Malware

The security firm says that users can protect themselves from these kinds of software by opening the Settings app and tapping General > Keyboard > Keyboards. You should see the name of the language you type in — for example, English (UK) — and Emoji. Any third-party keyboards you have installed, like SwiftKey or Gboard will also show up here. However, if you recognise any unknown keyboards here, you can use the Edit button to quickly delete it.

Another sign that unauthorised software has been installed on your phone without your permission is if you haven't installed the TestFlight app on your phone but find it in your App Library or in the Settings app. You can also change your device passcode to ensure only you can access your phone, and seek support from online resources if you suspect you are a target of stalkerware on your devices, including your smartphone or computer.

Is the Samsung Galaxy Z Flip 5 the best foldable phone you can buy in India right now? We discuss the company's new clamshell-style foldable handset on the latest episode of Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: iPhone, Spyware, Stalkerware, iOS spyware, TestFlight, Apple

David Delima

Email David Delima

As a writer on technology with Gadgets 360, David Delima is interested in open-source technology, cybersecurity, consumer privacy, and loves to read and write about how the Internet works. David can be contacted via email at DavidD@ndtv.com, on Twitter at @DxDavey, and Mastodon at mstdn.social/@delima. More