It sounds like a lame character from one too many X-Men sequels. But the concept of a "rogue app" is a reality for many. We've all stumbled across more than a few suspicious iPhone applications that make one wonder if the folks behind the app have ulterior motives for rolling it out.
Making bold claims and accusations against the purveyors of malicious applications is Nicolas Seriot from the Swiss University of Applied Sciences. Nick is speaking today in Washington DC at Blac Hat DC 2010. His argument? Be afraid. Be very afraid. More importantly, however, be cautious. Be very cautious.
This presentation will discuss iPhone privacy issues and challenge Apple's stance and assertions regarding iPhone security. The presentation will also show how a rogue application can access substantial quantities of personal data on an unmodified device and expose how it could go unnoticed in spite of AppStore tight reviews.
Proof? Seriot, a software engineer in his own right, created spyware called "SpyPhone" which has proven to successfully
access everything from Safari searches to sensitive e-mail account information like username and password. It's a cyber
thief's dream and a stalker's paradise. For the rest of us, however, it's a nightmare waiting to happen.
What's the point of all this? To raise our level of consciousness about the dangers of the App Store. Should we tremble over the theories proposed by Seriot? Of course not. But it is about time for many of us to rouse ourselves from a state of security complacency and realize that legitimate dangers are prowling the App Store, and Apple is simply incapable of doing all the protection for us. Often times, we have to do it ourselves.