Advertisements
 

iPhone Security Issues Not Exclusive To Jailbroken Devices

In the past few months there have been multiple worms released into the wild that affected inadequately protected jailbroken iPhones. However a Swiss iPhone developer has published research that indicates that there are also security vulnerabilities affected un-jailbroken devices too. This doesn’t come as much of a surprise to most as it was only a matter of time.

The developer, Nicholas Seriot has created a proof of concept app called SpyPhone to demonstrate how Apple’s own APIs can be used to read and edit user’s address books, gain access to the user’s web surfing history or even recent location information. Although this is not as bad as what can be done with root permissions to the device, it can still effect users, especially when they think they are safe.

For the attacks to work, the application with the malicious code would need to get through the App Store approval system, however this wouldn’t be very hard as pointed out by many developers, as Apple doesn’t check source code but does have a kill switch on every app. The code would be delayed, so that it only beings to work so many weeks after the app is released or it could be an encrypted payload.

Nicholas Seriot detailed these possible iPhone privacy risks in a talk he delivered in Geneva, during which he also outlined possible defense strategies, suggesting that Apple should design the iPhone OS to require users to authorize read or read-write access by iPhone applications to potentially sensitive on-device information such as the Address Book, add firewall functionality to the device and ensure the keyboard cache is not as readily available to third-party applications.

Developers Research

Related:
How To: Change Your iPhone’s SSH Password

Dutch Hacker Hack’s Into Jailbroken iPhone’s
iPhone Worm Rickrolls Jailbroken Devices
Second iPhone Worm Used For Malicious Purposes

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: