Rogue apps could affect non-jailbroken iPhones
By Jesse Hollington
Social Media & Software Editor, iLounge
Published: Friday, December 4, 2009
News Categories: iPhone
A Swiss iPhone developer has published research indicating that security vulnerabilities affecting the iPhone are not limited to jailbroken devices. Developer Nicolas Seriot has created a proof-of-concept app called SpyPhone to demonstrate how Apple’s own APIs could be misused to read or edit a user’s address book, or to gain access to a user’s web surfing history or recent location information. For such attacks to succeed, a malicious application would still need to get past Apple’s App Store approval process to be available for non-jailbroken iPhones. However, this is not outside the realm of possibility, as such an app would not require the use of any exploits or third-party APIs, and the spyware portion could be hidden by delayed activation or an encrypted payload.
The security researcher detailed these potential iPhone privacy risks in a talk he delivered in Geneva on Wednesday, during which he also outlined possible defense strategies. He suggested that Apple should design the iPhone OS to require users to authorize read or read-write access by iPhone applications to potentially sensitive on-device information such as the Address Book, add firewall functionality to the device, and ensure the keyboard cache is not as readily available to third-party applications (via The Register).
Comments
1
Authorisation of access to Photos and Contacts sounds pretty unobtrusive, as long as it doesn’t end up being something similar to Windows UAC.
It’s unpleasant when I have to authorise an App for Location Services, but authorising it for Photo and Contact services too may tip over the edge. It’s still preferable to the alternative though.
The iPhone is still more secure than the iPhone+Jailbreaking.
Posted by Dan Woods on December 4, 2009 at 11:47 AM (PST)
2
If such an app was to get through the app store approval process then Apple still have a kill switch that can remove such programs. Therefore this is a bit of a non-issue.
Posted by Chuck on December 4, 2009 at 1:07 PM (PST)