Well, at least the iPhone security people aren’t bored these days. A Swiss iPhone developer has published research that indicates that security vulnerabilities affecting the iPhone are not limited to jailbroken iPhones. Developer Nicholas Seriot has created a proof of concept app called SpyPhone as a demonstration of how Apple’s own APIs could be misused to read or edit a user’s address book or gain access to a user’s web surfing history or recent location information.
For such attacks to succeed, a malicious application would still need to get past Apple’s stringent App Store approval process to be available for non-jailbroken iPhones, however this is not outside of the realm of possibility as such an app would not require the use of any exploits or third-party APIs, and the spyware portion could be hidden by delayed activation or an encrypted payload.
Seriot detailed these potential iPhone privacy risks in a talk he delivered in Geneva on Wednesday, during which he also outlined possible defense strategies, suggesting that Apple should design the iPhone OS to require users to authorize read or read-write access by iPhone applications to potentially sensitive on-device information such as the Address Book, add firewall functionality to the device and ensure the keyboard cache is not as readily available to third-party applications.
[Via The Register]
Popularity: 1% [?]
Novothink rolls out Solar Surge iPhone / iPod touch charging case
DARPA looking to develop iPhone and Android apps, App Store
iDongle hardware iPhone jailbreak tool makes hacker life a little simpler
iPhone SDK 3.2 showing first hints of multitasking for third-party apps?
iPad pre-order is go!
Case-Mate’s Hug wireless iPhone charging solution
Sam Fisher to Debut on iPhone in New Splinter Cell Game
TomTom Update to Include Real-Time-Traffic, Google Search, and More
First iPad ad premieres during the Oscars