UNjailbroken iPhones Not As Safe As Thought

By SRASC at 9 December, 2009, 7:33 pm

Slashdot reported last week on research published by Swiss iPhone developer Nicolas Seriot about security holes in unjailbroken – that’s UNjailbroken – iPhones that could potentially compromise email accounts, browser history and even keytaps held in cache. The closed and unmodifiable nature of the stock iPhone OS means that malware could be carried by any app: even one legitimately purchased and downloaded from the App Store. 

In a talk on iPhone privacy in Geneva, Seriot described how a malicious application could harvest personal data on a non-jailbroken iPhone (PDF) without using private APIs. The presentation makes several suggestions to Apple on how to make the native iPhone environment more secure. For one thing, Seriot asserts that the keyboard cache oniPhones should be a OS service rather than being easily available to any app. He also recommends that the WiFi connection history be better hidden, and that the App Store reviews process be expanded to search for potential misuse of data. 

Seriot also makes the case that jailbroken iPhones can actually be more secure than stock iPhones, for the simple reason that jailbreakers have access to firewall software. The iPhone worms that were in the news not too long ago made headlines because they attacked jailbroken iPhones, but only those which still had the default SSH password. Once secured and running a firewall, jailbroken devices are harder to break into remotely than non-jailbrokeniPhones. This, of course, clearly contradicts Apple’s position that jailbroken devices are more vulnerable, and so may encounter resistance in the mainstream industry press. 

Users of all iPhones – jailbroken and not – should be wary of programs from untrustworthy developers, according to Seriot: especially professionals like like attorneys, doctors, finance officers who are legally bound to safeguard the privacy of data under their control. Interestingly, he also asserts that user reviews in the App Store are crucial, since customer experiences could save others from attack or validate the integrity of a program. After the recent scandal about faked reviews on the App Store, Apple would do well to keep better control of user feedback: as a security measure, if for no other reason.

(via TheiPhoneSpot.net)

 Retweet This Post




Print This Post Print This Post

Categories : 3G iPhone | Apple News | Featured | Jailbreak/Activate | iPhone | iPhone 3G S


Related Articles




Most Recent Articles

  • Sorry for the lack of Updates to MyTriniPhone
  • Apple Not Giving iPhone To Owner
  • iWish A Merry Christmas To You
  • iPhone 2G/3G Video Recording Apps
  • UNjailbroken iPhones Not As Safe As Thought
  • Ustream Live Broadcaster | Stream Live Video From iPhone
  • iClassic | Bring iPod classic interface to iPhone/iPod touch
  • Malicious worm attacks, steals data from jailbroken iPhones
  • Guess How Many iPhones Sold In The UK On Orange?
  • Cydget Released