Over the past few weeks as the news of iPhone worms struck us hard, highlighting the dangers of a jailbroken iPhone / iPod touch; a report now suggests that the non-jailbroken Stock iPhone’s aren’t as safe as they are perceived either. iPhone developer Nicholas Seriot has posted his findings which show a number of possible loopholes that can allow a hacker to compromise the iPhone.
Seriot has created a proof-of-concept app that he’s calling SpyPhone, which can read or edit a user’s address book, browse web surfing history, see recent GPS positions and more. However, the attack relies on the hacker getting through Apple’s app approval process, which isn’t easy. [pocket lint].
Viruses on smartphone are not a new thing. We have had tones of these on the Symbian S60 platform since years, and now the most web friendly Jesus phone has got its share of the same. However, Seriot himself has agreed that iPhone though is more secure than other smartphones, there are some gaps that he has identified.
A few things that Nicholas has pointed:
SpyPhone is an application intended to show the kind of data a rogue application can collect. These data do certainly interest marketers, spammers, thieves, competitors and law enforcement officials.
Another way to collect personal data is to use the AddressBook API. There is no “Me” record, but any application can read and edit the whole AddressBook without the user noticing it.
You can download his report here