Think your non-jailbroken iPhone is safe from spyware? It might be time to think again.
New research from a Swiss iPhone developer has exposed a number of exploits that could be used by hackers to sneak spyware into the iTunes Store. What’s more, he thinks there may even be spyware on the App Store already.
Nicolas Seriot has created a proof-of-concept app called SpyPhone to show how developers could invade users’ privacy. Seriot’s aim was to create an app that would compromise a user’s private data using only officially sanctioned Apple APIs, no hacking techniques and no links to a user’s Facebook or Twitter account.
In a talk in Geneva this week, Seriot demonstrated how his SpyPhone app could steal a wide variety of user data that could be a goldmine for marketers. This includes:
- The address book (even going as far as editing address book entries without the user’s knowledge)
- Browser history and YouTube searches
- Possible user passwords via keyboard cache records
- A good guess at your location. While a direct request for your location via GPS requires user confirmation, developers can query the maps preferences and weather preferences.
- A history of some of the places you travel to, thanks to your geotagged photos.
Now, you’re probably thinking that there’s no way Apple would allow such software into the App Store, right? Seriot reckons it would be relatively easy to fool Apple into approving a spyware app by delaying deployment of the spyware, encrypting the payload or by using clever coding tricks.
Seriot ended his talk by calling for much tighter security controls on the iPhone, including an outgoing firewall built right into the OS. He also suggested that there is likely to be spyware already going unnoticed on the iTunes Store; a frightening thought.
Given that the iPhone is such a key part of Apple’s future strategy, we wouldn’t be surprised if iPhone OS 4.0, due next summer, features some heavy improvements in the security of the device. Until then you would do well to think twice about trusting Apple’s review process 100% – just in case.
You can read the whole of Nicolas Seriot’s presentation on iPhone security as a PDF file here.
[via The Register]

Good article! This is a (major) problem on all smartphone platforms that expose APIs into personal data.
The iPhone application sandbox goes pretty far in terms of restricting and controlling to where an app can reach out.
Everything Nicolas described can be fixed pretty easily by adding the same user prompts to the address book (and other) APIs that we already have for requesting a user’s location. Done.
I hope we will see these in iPhone OS 4.0.
The Android platform has a lot more exploits due to its 100% open nature. The whole concept of application mash-ups allows a variety of sophisticated attacks.
Maybe it’s time to invest in a smartphone virus protection company? Maybe not.
> The Android platform has a lot more exploits
> due to its 100% open nature.
Possibly the most ridiculous, non-substantive statement ever seen on this website…quite an accomplishment, even for you.
I suppose you can choose to ignore (or simply misunderstand) sandboxing and other technical aspects. But let’s note that – at each install – Android offers the user a clear overview of what the application proposes to access. If you don’t like it or think it smells fishy, then don’t install the app.
Meanwhile, Apple broadly suggests that their closed/review system adds to the user’s overall security. Yet, just recently, we’ve learned that an approved game was collecting the users’ phone numbers and/or contact info. Some job by the gatekeepers, huh? ‘Open’ and ‘closed’ are not the primary issues, here.
You would think that the number one smartphone maker would have considered the possibility of this happening and done something about it in advance.
Nothing has happened. This is all speculation. If there are issues, Apple will deal with it. Once again, just another hacker wannabe with a lot of time on his hands coming up with supposed issues with no grounds in reality.
“Seriot *reckons* it would be relatively easy to fool Apple into approving a spyware app by delaying deployment of the spyware, encrypting the payload or by using clever coding tricks.” I reckon I can fly to the moon if I jump hard enough.
Details and examples or it didn’t happen.
> Nothing has happened. This is all speculation.
Uhm, no. It isn’t.
http://preview.tinyurl.com/ygo7qu4
Small but interesting point – he advocates measures like an outbound firewall be included in iPhone OS 4.0. There’s a very effective one available now if you’re jailbroken :)
This comment was originally posted on FriendFeed