We have recently witnessed quite a few worm attacks on jailbroken iPhones.
In case you thought non-jailbroken iPhones are not vulnerable to such attacks, you could be wrong.
A Swiss iPhone app developer, Nicolas Seriot claims that it is pretty easy to install spyware on iPhones using iPhone apps built with just one of those Apple-approved APIs without the need for any kind of phishing or hacking attempts. In a discussion in Geneva, Seriot outlines the possible ways by which your confidential information on the iPhone can be compromised.
Seriot has developed a proof-of-concept iPhone app called SpyPhone that can help illustrate the dangers involved. According to him, the major areas of concern are regarding address book spying, browser history records, keyboard cache records and GPS information. The spyware can compromise a lot of confidential information by snooping into these. For instance the keyboard cache can contain user passwords in their records and access to address books can also mean the ability for spyware to edit and trasmit information.
Could such spyware apps be already present in the App Store? Seriot does not rule out the possibility. According to him, it is quite easy for spyware app developers to sneak their iPhone apps through the app approval process. This is because these apps can allay suspicions by delaying the actual deployment of the spyware script or by encrypting the payload.
According to Nicolas Seriot, though the Apple iPhone is still among the most secure platforms in the market, it is still far from being completely secure and makes a few suggestions that can help. These suggestions include prompting users to authorise read or read-write access to the iPhone address book, making keyboad caching an OS service, securing the Wi-Fi connection history and incorporating an outgoing firewall into the OS.
Seriot's revelations and request for tighter control comes at a time when Apple has been trying hard to convince customers who have long been accusing the company of holding the platform too tight. How will these new revelations affect Apple's policies. We will have to wait and watch.
[via The Register]
Anybody stop to think that Apple may have developers out there creating apps and viruses to take advantage of such security flaws on jailbroken iphones? things that make you go hmm
@ Andres Alvarez Jr. you are a FUCKIN IDIOT. This article is aimed at NON-Jailbroken iPhones. Next time dont just read the article and post. You must understand what is being said before you put your 2 cents in. MORON.
Everyone will be paranoid now.
" I've got one that can see !!! "
+theyliveandwesleep.com+
" TL Agenda Commericials !!! "
+theyliveandwesleep.com+
We all know that virgin iPhone security sucks.
You can find so many app that will crush the security of iphone within a minutes.. they should invest more in security so they would loose less..
@ Noneya Go Fuck yourself. What a dick.
@ Noneya Go Fuck yourself. What a dick.
Children please!
Obviously, Andres didn't read the article closely and is subject to light ridicule. However, the name calling is getting rough.
The main issue now is that with this developer's revelation ( should check to see if he is getting a kickback from apple) now apple will have another excuse to not put flash on the iPhone and further tighten the reigns on the OS.
Very interesting read. Ive already read a ton of stuff about iphone apps being pirated. Apple should really do something about this!
Hopefully I can be of assistance to current and up and coming developers.
I specialise in the recruitment of iPhone developers and I am a great contact to have if you’re a developer. I have access to some of the best App development companies and I am passionate about what I do!
Drop me an Email: wharford@keypeople.co.uk
Connect with me on LinkedIn, http://uk.linkedin.com/in/wharford (I accept all requests)
Or call me 00441727 817641
just change the a(iphone) root password : )