Friday 26 September 11:30 - 12:00, Red room.Tao Wei FireEyeMin Zheng FireEyeHui Xue FireEyeDawn Song FireEye This paper is available online (HTML, PDF). download slides (PDF)FireEye mobile security researchers have found several severe security flaws in the iOS7 architecture which allow a malicious app to monitor every screen tap and button press and other events (to be released after the Apple fix) in the background on non-jail-broken iOS7. Furthermore, an attacker could hide such malicious behaviour in an app and bypass Apple's app security review process in various ways, or inject such malicious behaviours by exploiting a vulnerability in a benign app. Putting the steps together, we show that serious, targeted attacks on iOS are feasible and realistic. We will discuss the implications of iOS7 security architecture and the challenges in addressing them. Click here for more details about the conference.