Nicolas Seriot, a Swiss iPhone developer, has published research that demonstrates some disturbing security holes in the Apple smartphone. Unlike previous reports about malware targeting jailbroken phones, this study posits that the threat exists even for pristine, never-jailbroken iPhones.
Recently, Seriot gave a talk on iPhone privacy in Geneva, and demonstrated how a malicious app could attack stock iPhones to pilfer personal data logs, like email account info, keypresses held in cache and browsing histories. (There’s even a demo project available on github.) What’s most disturbing about this is, unless Apple’s specifically looking for these types of opportunistic features — and there’s no word on whether it is — the App Store itself could actually be distributing such secretly malicious apps.
Though he acknowledges that iPhones are still more secure than many smartphones today, Seriot also suggests a few things Apple could do to make the device less vulnerable. For instance, the company could make keyboard caches an OS-only service (not available to third-party apps). In fact, he recommends sandboxing, which completely isolates a program so that it operates in its own space, without the ability to access anything beyond its “sandbox.” (NOTE: Though this would make the iPhone more secure, it would also deter apps that could expand the device’s native features. So this would be a trade-off: fewer “cool” apps for better security.) Seriot also recommends that Apple figure out how to hide the Wifi connection histories better, improve the App Store review process and develop its own native firewall.
On the customer side, users should be wary of programs from untrustworthy developers, especially if the users are legally bound to keep secrets (attorneys, doctors, finance officers, etc.). User reviews in the App Store may become crucial, since customer experiences could save others from attack or validate the integrity of a program.
In what may be the most interesting part of this story, Seriot indicated that jailbroken iPhones might actually be more secure than stock iPhones. Why? Simple: Jailbreakers have access to firewall apps. The iPhone worms that made news not too long ago did target hacked iPhones, but these were easily thwarted by a simple change in the default SSH password. Once secured and running a firewall, the jailbroken handsets are harder to break into than pristine iPhones (which flies in the face of Apple’s position that jailbroken devices are more vulnerable).
The story didn’t mention specific programs; it only made the general threat known to the public. But now that this news has made the rounds, it probably won’t be long before someone takes advantage of it. So take this as a warning: Until there’s a secure fix for this, consider conducting your own vetting of apps prior to downloading from the App Store.