Inherent Security Flaws Detected On iPhone

Tue, Dec 8, 2009 Hacks

iPhone security flaws exposed by SpyPhone iphone app

We have recently witnessed quite a few worm attacks on jailbroken iPhones.

In case you thought non-jailbroken iPhones are not vulnerable to such attacks, you could be wrong.

A Swiss iPhone app developer, Nicolas Seriot claims that it is pretty easy to install spyware on iPhones using iPhone apps built with just one of those Apple-approved APIs without the need for any kind of phishing or hacking attempts. In a discussion in Geneva, Seriot outlines the possible ways by which your confidential information on the iPhone can be compromised.

Seriot has developed a proof-of-concept iPhone app called SpyPhone that can help illustrate the dangers involved. According to him, the major areas of concern are regarding address book spying, browser history records, keyboard cache records and GPS information. The spyware can compromise a lot of confidential information by snooping into these. For instance the keyboard cache can contain user passwords in their records and access to address books can also mean the ability for spyware to edit and trasmit information.

Could such spyware apps be already present in the App Store? Seriot does not rule out the possibility. According to him, it is quite easy for spyware app developers to sneak their iPhone apps through the app approval process. This is because these apps can allay suspicions by delaying the actual deployment of the spyware script or by encrypting the payload.

According to Nicolas Seriot, though the Apple iPhone is still among the most secure platforms in the market, it is still far from being completely secure and makes a few suggestions that can help. These suggestions include prompting users to authorise read or read-write access to the iPhone address book, making keyboad caching an OS service, securing the Wi-Fi connection history and incorporating an outgoing firewall into the OS.

Seriot’s revelations and request for tighter control comes at a time when Apple has been trying hard to convince customers who have long been accusing the company of holding the platform too tight. How will these new revelations affect Apple’s policies. We will have to wait and watch.

[via The Register]

Tags: , , , , , , , , ,

Leave a Reply

Top Stories


How to Downgrade iPhone 3.1 Baseband From 05.11.07 to 04.26.08
Every time there is a new firmware coming out, updating puts you at risk of updating your baseband a...
Tutorial: Jailbreak iPhone 3G on 3.1 Using PwnageTool
This guide and tutorial will show you how to jailbreak your iPhone 3G running firmware 3.1, using Pw...
How to Downgrade iPhone 3GS From Firmware 3.1 to 3.0
Saurik, the creator of Cydia, has come up with a way to downgrade the iPhone 3GS from firmware 3.1 t...
MobileInstallation Patch For iPhone 3.1
With the release of iPhone OS 3.1, a new MobileInstallation patch is needed. I’ve been looking aro...

More top stories ?

Advertisement

 


Back to top

© 2010 Free iPhone Hacks Magazine. All rights reserved. Powered by Wordpress.