iPhone App Silently Harvests Personal Data

06. Dec, 2009

A Swiss iPhone developer released an application that is capable of harvesting large amounts of personal data from iPhones, including geolocation data, passwords, address book entries and email account information, all using just the public API.

The application, called SpyPhone, uses the public iPhone API that Apple made available for application developers, and does not need any exploits or hardware attacks in order to access the iPhone’s data. Instead, SpyPhone relies on using the iPhone’s usability and depth of features to its advantage. Once an application is on an iPhone, it has unfettered access to much of the data and settings on the device, a circumstance that SpyPhone’s developer, Nicolas Seriot, exploited.

Seriot has posted the source code for SpyPhone online and gave a talk about SpyPhone’s capabilities at a security conference this week. All of SpyPhone’s operations are conducted in the background, without the knowledge of the iPhone’s user, and the application can be set to email reports on each infected phone back to the attacker.

Once on the iPhone, the application begins looking at the stored data that’s available in various other programs, such as the email address book and the keyboard cache, which keeps a record of every keystroke the user enters in a non-password field, Seriot said. This data normally is used for the iPhone’s autocomplete feature, but can be a gold mine of information for an attacker searching for intelligence on the iPhone’s owner.

By default, the iPhone will tag any photos taken with the device with the date and location of the picture. The user can turn this feature off, but if it’s enabled, SpyPhone can access that data, as well as the log of which WiFi hotspots the device has connected to. All of this gives the attacker a better picture of the iPhone’s owner, his location and his interests, which is valuable data.

Apple has taken pains to keep strict control over what applications can run on the iPhone, but malicious apps have been found in the company’s AppStore in the past. And while Apple has to approve all of the programs in the AppStore, users who have jailbroken iPhones can run any app they choose on their devices. That leaves plenty of opportunity for seemingly innocuous apps that contain malicious components.

Malicious apps stored on iPhones can be transferred to your computer when plugged in.  My Tech Team stays aware of the latest threats and trends and works hard to keep you protected.

credit: threatpost.com

ABOUT MY TECH TEAM:
My Tech Team is a leading online tech support company based in the U.S, providing nationwide on demand enterprise level computer support and protection 24 hours a day and 7 days a week.

Enjoyed this Article?
Then don’t miss our next one! Subscribe to our weekly digest newsletter to have future articles delivered to your inbox FREE. Enter your email address below:

We Respect Your Email Privacy 

 
Would you be so kind to share this post? Use the buttons below.

Tags: , , , ,

One Comment

Leave a comment
  1. Adam 03. Dec, 2010 at 8:39 pm #

    Good ole apple, money over security, thanks for looking out for us My Tech Team

    Reply

Leave a Reply

CAPTCHA Image
*