So you thought you’re iPhone was safe from getting any worm or virus because you didn’t jailbreak it? Think again! We talked before about Ikee, iPhone/Privacy.A and other unnamed worms but only those jailbroken iPhones were vulnerable. Now your brand new stock iPhone may get infected too…
According to the Register:
Swiss iPhone developer Nicolas Seriot has published research on security shortcomings that could create a mechanism for hackers to lift data from regulation iPhones. Email accounts, keyboard entries held in cache and browser history files are all potentially exposed by a malicious app.
Seriot has developed a proof of concept app, called SpyPhone, in order to demonstrate how Apple’s own APIs might be misused to read or edit a user’s address book, browse web surfing history, recent GPS position and more.
The full presentation is available for download from here (pdf).
If you’re thinking that you’re still safe because Apple will never allow such an app in the App Store, then you’re wrong. As Martin Bryant reports, it seems that it’d be relatively easy to fool Apple into approving a spyware app by delaying deployment of the spyware, encrypting the payload or by using clever coding tricks.
Scary, isn’t it? More scary is that some of these apps might already be in the App Store. Haaaaaaa! Alright, people, relax! While this is all true and possible, I highly doubt that we should worry too much for now.
Are you worried?