Rogue apps could affect non-jailbroken iPhones | iLounge News

News

Rogue apps could affect non-jailbroken iPhones

A Swiss iPhone developer has published research that indicates that security vulnerabilities affecting the iPhone are not limited to jailbroken iPhones. Developer Nicholas Seriot has created a proof of concept app called SpyPhone as a demonstration of how Apple’s own APIs could be misused to read or edit a user’s address book or gain access to a user’s web surfing history or recent location information. For such attacks to succeed, a malicious application would still need to get past Apple’s App Store approval process to be available for non-jailbroken iPhones, however this is not outside of the realm of possibility as such an app would not require the use of any exploits or third-party APIs, and the spyware portion could be hidden by delayed activation or an encrypted payload.

The security researcher detailed these potential iPhone privacy risks in a talk he delivered in Geneva on Wednesday, during which he also outlined possible defense strategies, suggesting that Apple should design the iPhone OS to require users to authorize read or read-write access by iPhone applications to potentially sensitive on-device information such as the Address Book, add firewall functionality to the device and ensure the keyboard cache is not as readily available to third-party applications. (via The Register).

« Mix: Motorola ad, iTunes Holiday, iPhone Orchestra, Bing

EA adds novel episodic content to Surviving High School game »

Related Stories

Comments

1

Authorisation of access to Photos and Contacts sounds pretty unobtrusive, as long as it doesn’t end up being something similar to Windows UAC.

It’s unpleasant when I have to authorise an App for Location Services, but authorising it for Photo and Contact services too may tip over the edge. It’s still preferable to the alternative though.

The iPhone is still more secure than the iPhone+Jailbreaking.

Posted by Dan Woods on December 4, 2009 at 2:47 PM (CST)

2

If such an app was to get through the app store approval process then Apple still have a kill switch that and remove such programs. Therefore this is a bit of a non issue.

Posted by Chuck on December 4, 2009 at 4:07 PM (CST)

If you have a comment, news tip, advertising inquiry, or coverage request, a question about iPods/iPhones/iPad or accessories, or if you sell or market iPod/iPhone/iPad products or services, read iLounge's Comments + Questions policies before posting, and fully identify yourself if you do. We will delete comments containing advertising, astroturfing, trolling, personal attacks, offensive language, or other objectionable content, then ban and/or publicly identify violators.

Commenting is not available in this channel entry.
Sign up for the iLounge Weekly Newsletter

Email:

Recent News

Recent Reviews

Recent Articles

Sign up for the iLounge Weekly Newsletter

Email:

iLounge is an independent resource for all things iPod, iPhone, iPad, and beyond.
iPod, iPhone, iPad, iTunes, Apple TV, Mac, and the Apple logo are trademarks of Apple Inc.
iLounge is © 2001 - 2014 iLounge, Inc. All Rights Reserved. Terms of Use | Privacy Policy