A Swiss developer is claiming that Apple's iPhone may not be as safe as the company claims it to be, calling into question the official stance that if you don't jailbreak your handset you'll be completely protected.

Nicolas Seriot has published a series of security shortcomings that could allow hackers to create malicious apps which lift data from any iPhone. Email, keyboard entries in the cache and browser history files could all be in danger of being exposed if a developer hides malware code in an app.

Seriot has created a proof-of-concept app that he's calling SpyPhone, which can read or edit a user's address book, browse web surfing history, see recent GPS positions and more. However, the attack relies on the hacker getting through Apple's app approval process, which isn't easy.

To do that, code would have to be activated after the review process is complete, and you'd need to obscure the code in some way to prevent the malicious behaviour being detected. However, no exploits or third-party APIs would be required.

Seriot did, however, suggest some ways in which security on the handset could be beefed up. He says that users should be prompted to authorise access to iPhone Address Books, and firewalls should be implemented. He also suggested that the keyboard cache should be an OS-only service, not available to apps.

Apple hasn't yet responded to the accusations, but if the US tech giant does - and that's quite a big if, we'll update this story.

Via: theregister.co.uk

Recommended articles