Iphones: Explained: What is keyboard-based hacking on iPhones

iPhones are usually considered one of the most secure devices as they run a closed operating system and receive regular security updates. However, security patches may not be enough to combat this new threat. Researchers at UK-based cybersecurity firm Certo have discovered a new hacking method that cybercriminals are using to bypass Apple’s normal security checks.To spy on user’s iPhone activity, hackers are using third-party custom keyboards.
Hackers can gain unauthorised access to every keystroke on a victim’s device once one of these malicious keyboards has been installed on an iPhone. The keystroke access will help them to steal private messages, browsing history and even passwords from users.
What makes this hacking method ‘dangerous’
Surveillance on an iPhone is quite challenging as a hacker would either need to jailbreak a target’s smartphone or gain access to their iCloud account. However, this new technique is more dangerous as it does not rely on any of these usual prerequisites. The latest technique is compatible with all iPhone models, uses an existing feature within the iOS system and doesn’t require any specialised technical skills for operating.
Custom keyboards are commonly used on iOS to improve grammar, perform translations or add new emojis. However, when set up in a specific manner, these custom keyboards can function covertly as keyloggers. This allows them to discreetly capture and transmit all keystrokes made by the user, providing hackers with detailed access to the typed information.
How these custom keyboards are helping hackers
Hackers are installing a small app containing an embedded custom keyboard on the target’s device. The report claims that the spyware developers that were investigated often distribute these apps through the TestFlight platform. This platform is used mainly for testing new iOS apps before they are released on the App Store.
These spyware developers are likely attempting to avoid detection by Apple by deploying the dangerous apps via TestFlight. It is important to note that TestFlight apps are not subjected to the same strict review process as apps from the main App Store. This means an app that may seem harmless may also serve as a carrier to introduce a key-logger.

Once the app is installed on the iPhone, the attacker then enables the custom keyboard via the Settings app and configures it to have ‘Full Access’ to the device. Next, the perpetrator switches the iPhone’s default keyboard with this custom version. These keyboards are almost identical.
The malicious keyboard then records everything that the victim types on their iPhone and sends it to an online portal which can be accessed by the hacker from anywhere in the world.
Captured information can include things like private messages, passwords, two-factor authentication codes, notes and essentially anything typed into any app on an iPhone.
How user can know if they are being attacked
The best way for a user to check if they’re affected is to review their installed keyboards in their device’s Settings app. To do this, go to Settings> General > Keyboard > Keyboards.
Here users can see only two standard keyboards, for example, ‘English (US)’—and another named ‘Emoji’. Any other keyboard could be suspicious, especially if it has ‘Allow Full Access’ turned on.
If users find a keyboard they don’t recognise, they should remove it immediately. To delete unrecognised custom keyboards on iPhones users need to tap Edit. Then select the red minus button next to any keyboard they don’t recognise and tap the Delete option.