AAPL Stock: 117.81 ( -0.22 )

Printed from

'Clean' iPhones may be vulnerable to spyware

updated 01:05 pm EST, Fri December 4, 2009

Undermines Apple position on jailbreaking

Factory-standard iPhones may be as vulnerable to security threats as jailbroken ones, says a Swiss iPhone developer, Nicolas Seriot. In newly-published research, the developer comments that a concept app called SpyPhone is capable of browsing web histories and GPS positions, as well as reading and editing Address Book contents. Crucially the vulnerability does not require exposing iPhone firmware by jailbreaking it.

A real-world attack would require the app to slip by Apple's approval process, which is partly geared towards catching malicious code. Seriot notes however that this is not inconceivable, as a coder could delay the activation of spyware functions, or simply use payload encryption. No exploits or third-party APIs would allegedly be needed.

Seriot argues that as a defense users should have to authorize Address Book access, and that iPhones themselves could stand to adopt firewalls. The latter would force Apple to cope with deteriorated performance.

Apple has traditionally fought against the freedom to jailbreak iPhones, primarily on the basis that it can open people to greater security risks. Several worms have in fact attacked jailbroken units. Others note that it is still relatively easy to guard liberated devices, and that Apple may be as concerned about retaining App Store profits as a safe user experience.

by MacNN Staff




  1. lkrupp

    Joined: Dec 1969


    Hard not to laugh...

    "An attack would require the app to slip by Apple's approval process, which is partly geared towards catching malicious code."

    I find it very hard to get all nervous about this "vulnerability". I think the chances of the end-of-the-world happening 12/21/2012 are better than this.

  1. WiseWeasel

    Joined: Dec 1969



    Apple has a kill switch capability for just such an occasion. The moment some app starts to transmit personal data, some geek with a jailbroken iPhone and some network activity snooping software running will notice the outgoing data request, and the story will be blown wide open. Apps sending out data will not go unnoticed by the iPhone dev community, who already have to be on the lookout for that type of activity due to their operating outside Apple's relatively safe distribution environment. Once word gets out, it'll take all of a few hours before Apple flips that kill switch and deletes the app from every iPhone it got installed on.

  1. WiseWeasel

    Joined: Dec 1969



    Also, note that this does not "[undermine Apple's] position on jailbreaking" as the sub-title to this story states. Apple can remotely kill apps from the App Store on all iPhones immediately (or as soon as the device obtains network access) if they discover malware. They can't do this for apps installed via jailbroken iPhone app repositories. If anything, they just strengthened the argument for at least some level of centrally managed distribution and security.

  1. WiseWeasel

    Joined: Dec 1969



    Upon reflection, I feel a bit sheepish for being so harsh on the developer (versus the slant the reporter chose to present), and I have to say that both of his proposals sound like excellent ideas. I wish I did have to approve access to the address book for apps to be able to read it. I also wish the iPhone OS had a firewall that intercepted all outgoing internet connections on a per-app basis, similar to Little Snitch, and had the user approve each app's internet access forever/once/never, and be able to modify those settings later. I would strongly welcome both of these security improvements to the iPhone platform.

  1. Fast iBook

    Joined: Dec 1969


    Let the hype begin...

    I wonder how many people i'll hear talk about this with me. I'll just try not to laugh i suppose.

    - A

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented