Cybercriminals have found a way to hack an iPhone with third-party custom keyboards

According to a new report from Certo Software a “troubling new hacking method” has emerged—cybercriminals have found a way to bypass Apple’s normal security checks and use third-party custom keyboards to spy on people’s iPhone activity.

Once one of these malicious keyboards has been installed on an iPhone, hackers can use it to gain unauthorized access to every keystroke on a victim’s device. This allows them to record private messages, browsing history, and even passwords.

Then folks at Certo Software — which makes security software for iOs and Androids devices — say these keyboards pose a significant threat, especially in domestic tech abuse situations where an abuser uses technology to harass, stalk, or intimidate a partner. The software company says the best way to check if you’re affected is to review your installed keyboards in your device’s Settings app. To do this, go to Settings > General > Keyboard > Keyboards.

You’ll usually see two standard keyboards: one in your language—for example, ‘English (US)’—and another, named ‘Emoji’. Any other keyboard could be suspicious, especially if it has ‘Allow Full Access’ turned on.

If you find a keyboard you don’t recognize, remove it immediately.

To delete unrecognized custom keyboards on your iPhone, follow these steps:

• Tap Edit
• Tap the red minus button next to any keyboard you don’t recognize
• Tap Delete

In response to the Certo Software has added keylogger detection to its free iPhone app, Certo Mobile Security.