Printed from http://www.macnn.com

'Clean' iPhones may be vulnerable to spyware

updated 01:05 pm EST, Fri December 4, 2009

Undermines Apple position on jailbreaking

Factory-standard iPhones may be as vulnerable to security threats as jailbroken ones, says a Swiss iPhone developer, Nicolas Seriot. In newly published research, the developer comments that a concept app called SpyPhone is capable of browsing web histories and GPS positions, as well as reading and editing Address Book contents. Crucially, the vulnerability does not require exposing iPhone firmware by jailbreaking it.

A real-world attack would require the app to slip by Apple's approval process, which is partly geared towards catching malicious code. Seriot notes, however, that this is not inconceivable, as a coder could delay the activation of spyware functions, or simply use payload encryption. No exploits or third-party APIs would allegedly be needed.

Seriot argues that as a defense users should have to authorize Address Book access, and that iPhones themselves could stand to adopt firewalls. The latter would force Apple to cope with deteriorated performance.

Apple has traditionally fought against the freedom to jailbreak iPhones, primarily on the basis that it can open people to greater security risks. Several worms have in fact attacked jailbroken units. Others note that it is still relatively easy to guard liberated devices, and that Apple may be as concerned about retaining App Store profits as a safe user experience.




by MacNN Staff


Comments

  1. lkrupp

    Joined: Dec 1969

    +20

    Hard not to laugh...

    "An attack would require the app to slip by Apple's approval process, which is partly geared towards catching malicious code."

    I find it very hard to get all nervous about this "vulnerability". I think the chances of the end-of-the-world happening 12/21/2012 are better than this.

  1. WiseWeasel

    Joined: Dec 1969

    +5

    Idiotic

    Apple has a kill switch capability for just such an occasion. The moment some app starts to transmit personal data, some geek with a jailbroken iPhone and some network activity snooping software running will notice the outgoing data request, and the story will be blown wide open. Apps sending out data will not go unnoticed by the iPhone dev community, who already have to be on the lookout for that type of activity due to their operating outside Apple's relatively safe distribution environment. Once word gets out, it'll take all of a few hours before Apple flips that kill switch and deletes the app from every iPhone it got installed on.

  1. WiseWeasel

    Joined: Dec 1969

    +4

    Note

    Also, note that this does not "[undermine Apple's] position on jailbreaking" as the sub-title to this story states. Apple can remotely kill apps from the App Store on all iPhones immediately (or as soon as the device obtains network access) if they discover malware. They can't do this for apps installed via jailbroken iPhone app repositories. If anything, they just strengthened the argument for at least some level of centrally managed distribution and security.

  1. WiseWeasel

    Joined: Dec 1969

    +2

    Actually...

    Upon reflection, I feel a bit sheepish for being so harsh on the developer (versus the slant the reporter chose to present), and I have to say that both of his proposals sound like excellent ideas. I wish I did have to approve access to the address book for apps to be able to read it. I also wish the iPhone OS had a firewall that intercepted all outgoing internet connections on a per-app basis, similar to Little Snitch, and had the user approve each app's internet access forever/once/never, and be able to modify those settings later. I would strongly welcome both of these security improvements to the iPhone platform.

  1. Fast iBook

    Joined: Dec 1969

    +2

    Let the hype begin...

    I wonder how many people I'll hear talk about this with me. I'll just try not to laugh, I suppose.

    - A
