App exploits endanger iPhone owners

iPhone owners are in danger of falling victim to data theft, a researcher has claimed.

In an interview with technology site CNet, Nicolas Seriot detailed his work with the iPhone platform and explained how easy it is for malicious programmers to create seemingly innocent apps that can actually make spying on the user incredibly easy.

Mr Seriot said that the system Apple currently uses to screen new applications submitted to the App Store is inadequate when it comes to checking how secure apps are.

Any app installed on an iPhone can then harvest data about the user, including information about their location, their friends' contact details and their hobbies and habits, he claimed.

Mr Seriot gave a speech to a security conference earlier in the week, in which he demonstrated how an app could silently supply a remote server with personal data relating to an iPhone user.

Usually the criminals will disguise their malicious software in games, and during operation the app can easily grab contact details, messages and notes stored on the infected iPhone.

To reinforce his point, Mr Seriot has created a home-coded app called SpyPhone. This app gathers web history, search history and email login details, allowing the user to be tracked across multiple devices and platforms.

It can even use the GPS to find the location of the user and also logs every single keystroke that they make, allowing the theft of passwords and usernames.

Mr Seriot criticised the approval system by which Apple judges all new applications before they go on sale on the App Store. Since developers are not required to provide the source code for Apple's scrutiny, malicious trickery slipped into an app goes undetected.

Multiple applications have already been taken to task for the illicit gathering of iPhone owners' personal information, although some have been doing so purely by accident.

As such, Mr Seriot is convinced that many more will slip through in the future if the current procedures are not altered.

"As a basic precaution, users should regularly clean the browser's recent searches and the keyboard cache in Settings. They should also change or delete the declared phone number, also in Settings," he advised.
