Recently, the web was abuzz with reports of iPhone vulnerabilities that surfaced after it was found that jailbroken iPhones changed the root, or administrator, password to the phone’s Secure Shell, or SSH. As a result, someone could connect to the jailbroken phone using a remote access tool and basically have the ability to see and steal anything stored on the device. Of course, this exploit only affected those who applied the jailbreak to their phone. Those still running the official Apple code were thought to be safe.

However, a presentation (PDF) by Swiss iPhone developer Nicolas Seriot shows that even iPhones that have not been jailbroken are at risk of malware infections from apps purchased directly from the iPhone app store. To demonstrate this, Seriot created a proof-of-concept app called SpyPhone that shows how attackers could invade users’ privacy. This app compromises a user’s private data using only officially sanctioned Apple APIs. It makes use of no hacking techniques and no links to a user’s Facebook or Twitter account. In his presentation, Seriot went on to explain exactly what a rogue developer could do with a malicious app:

  • Gain access to the address book with the ability to steal entries and even modify entries without the user’s knowledge
  • View the browser history and YouTube searches much like traditional spyware does
  • Steal account information and user passwords from keyboard cache records
  • View the stored screenshots used to produce the iPhone’s famous 3D transition effect
  • Guess your location by tapping into the GPS and geotagged photos on your phone

While Apple thoroughly checks each app before it is approved for the store, Seriot went on to further explain that by using simple encoding techniques and encryption, it would be quite easy for a malicious developer to disguise the payload from the reviewers.

What can be done?

Since the iPhone and the app store are such huge money makers for Apple, you can guess that security concerns will top the list for this summer’s release of iPhone OS 4. Additionally, you can probably expect developers to do more to encrypt the data their apps store, and to overwrite any data that is no longer in use so that it cannot be accessed. While the community would hope that these changes would come out of a sense of responsibility, Apple will most likely be looking at ramping up security efforts from third-party developers as a result of being in the news twice for security concerns. In the meantime, as an iPhone user, you can do the following to protect yourself:

  • Research the developer of any apps you purchase. Visit their web site and poke around a bit. Make sure that they are legitimate.
  • Keep an eye on your phone. If you notice anything out of the ordinary, take it in and have it looked at.
  • Clear the browser cache frequently. You can also clear your keyboard cache using the Reset keyboard dictionary utility. If this is done often enough, it may help overwrite any stored screenshots as well.

The source code for the SpyPhone project can be downloaded from GitHub, the social coding and collaborative development site.


Read the original:
Jailbreak Shows iPhone Apps Vulnerability