toggle

AAPL Stock: 562.29 ( -3.03 )

'Clean' iPhones may be vulnerable to spyware

updated 01:05 pm EST, Fri December 4, 2009

Undermines Apple position on jailbreaking


Factory-standard iPhones may be as vulnerable to security threats as jailbroken ones, says a Swiss iPhone developer, Nicolas Seriot. In newly-published research, the developer comments that a concept app called SpyPhone is capable of browsing web histories and GPS positions, as well as reading and editing Address Book contents. Crucially the vulnerability does not require exposing iPhone firmware by jailbreaking it.

A real-world attack would require the app to slip by Apple's approval process, which is partly geared towards catching malicious code. Seriot notes however that this is not inconceivable, as a coder could delay the activation of spyware functions, or simply use payload encryption. No exploits or third-party APIs would allegedly be needed.

Seriot argues that as a defense users should have to authorize Address Book access, and that iPhones themselves could stand to adopt firewalls. The latter would force Apple to cope with deteriorated performance.

Apple has traditionally fought against the freedom to jailbreak iPhones, primarily on the basis that it can open people to greater security risks. Several worms have in fact attacked jailbroken units. Others note that it is still relatively easy to guard liberated devices, and that Apple may be as concerned about retaining App Store profits as a safe user experience.


by MacNN Staff

print
email
(8)

TAGS :

 iPhone, security

Related Articles

Recent Articles

toggle

Comments

  1. lkrupp

    Fresh-Faced Recruit

    Joined: May 2001

    +20
    12/04, 01:12pm | report spam | (1 reply) Reply |

    Hard not to laugh...

    "An attack would require the app to slip by Apple's approval process, which is partly geared towards catching malicious code."

    I find it very hard to get all nervous about this "vulnerability". I think the chances of the end-of-the-world happening 12/21/2012 are better than this.

  1. WiseWeasel

    Fresh-Faced Recruit

    Joined: Apr 1999

    +5
    12/04, 03:04pm | report spam | (1 reply) Reply |

    Idiotic

    Apple has a kill switch capability for just such an occasion. The moment some app starts to transmit personal data, some geek with a jailbroken iPhone and some network activity snooping software running will notice the outgoing data request, and the story will be blown wide open. Apps sending out data will not go unnoticed by the iPhone dev community, who already have to be on the lookout for that type of activity due to their operating outside Apple's relatively safe distribution environment. Once word gets out, it'll take all of a few hours before Apple flips that kill switch and deletes the app from every iPhone it got installed on.

  1. WiseWeasel

    Fresh-Faced Recruit

    Joined: Apr 1999

    +4
    12/04, 04:08pm | report spam | Reply |

    Note

    Also, note that this does not "[undermine Apple's] position on jailbreaking" as the sub-title to this story states. Apple can remotely kill apps from the App Store on all iPhones immediately (or as soon as the device obtains network access) if they discover malware. They can't do this for apps installed via jailbroken iPhone app repositories. If anything, they just strengthened the argument for at least some level of centrally managed distribution and security.

  1. WiseWeasel

    Fresh-Faced Recruit

    Joined: Apr 1999

    +2
    12/04, 06:19pm | report spam | Reply |

    Actually...

    Upon reflection, I feel a bit sheepish for being so harsh on the developer (versus the slant the reporter chose to present), and I have to say that both of his proposals sound like excellent ideas. I wish I did have to approve access to the address book for apps to be able to read it. I also wish the iPhone OS had a firewall that intercepted all outgoing internet connections on a per-app basis, similar to Little Snitch, and had the user approve each app's internet access forever/once/never, and be able to modify those settings later. I would strongly welcome both of these security improvements to the iPhone platform.

  1. Fast iBook

    Fresh-Faced Recruit

    Joined: Mar 2003

    +2
    12/04, 11:45pm | report spam | Reply |

    Let the hype begin...

    I wonder how many people i'll hear talk about this with me. I'll just try not to laugh i suppose.

    - A

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

iHome iW2 AirPlay speaker

iHome generally isn't known as a luxury brand when it comes to audio, but it is prolific -- the company's docks and speakers are every ...

Logitech Ultrathin Keyboard Cover

One of the iPad's main weaknesses has always been productivity. It's not a question of apps; while it has taken a little time for a na ...

Logitech UE Air Speaker

If maybe a little more slowly than Apple would like, AirPlay is becoming a staple of the wireless speaker market for iOS devices. The ...

toggle

Most Commented

 

Popular News