• Your favorite








    , and
  • Non-Jailbroken iPhones More Vulnerable to Malware: Study

    Slashdot reported last week on research published by Swiss iPhone developer Nicolas Seriot about security holes in unjailbroken - that's UNjailbroken - iPhones that could potentially compromise email accounts, browser history and even keytaps held in cache. The closed and unmodifiable nature of the stock iPhone OS means that malware could be carried by any app: even one legitimately purchased and downloaded from the App Store.

    In a talk on iPhone privacy in Geneva, Seriot described how a malicious application could harvest personal data on a non-jailbroken iPhone (PDF) without using private APIs. The presentation makes several suggestions to Apple on how to make the native iPhone environment more secure. For one thing, Seriot asserts that the keyboard cache on iPhones should be a OS service rather than being easily available to any app. He also recommends that the WiFi connection history be better hidden, and that the App Store reviews process be expanded to search for potential misuse of data.

    Seriot also makes the case that jailbroken iPhones can actually be more secure than stock iPhones, for the simple reason that jailbreakers have access to firewall software. The iPhone worms that were in the news not too long ago made headlines because they attacked jailbroken iPhones, but only those which still had the default SSH password. Once secured and running a firewall, jailbroken devices are harder to break into remotely than non-jailbroken iPhones. This, of course, clearly contradicts Apple’s position that jailbroken devices are more vulnerable, and so may encounter resistance in the mainstream industry press.

    Users of all iPhones - jailbroken and not - should be wary of programs from untrustworthy developers, according to Seriot: especially professionals like like attorneys, doctors, finance officers who are legally bound to safeguard the privacy of data under their control. Interestingly, he also asserts that user reviews in the App Store are crucial, since customer experiences could save others from attack or validate the integrity of a program. After the recent scandal about faked reviews on the App Store, Apple would do well to keep better control of user feedback: as a security measure, if for no other reason.

    image via geardiary.com
    This article was originally published in forum thread: Non-Jailbroken iPhones More Vulnerable to Malware: Study started by Paul Daniel Ash View original post
    Comments 18 Comments
    1. adp's Avatar
      adp -
      This is true. But as a jailbreaker I also feel safer with apps such as firewall. This, in conjunction with changing SSH password, is safe enough for me.
    1. jboone's Avatar
      jboone -
      Just another reason to jailbreak. It's sad that a company with a "Thnk Diff" logo has turned into "THE MAN"....
    1. Fallguy's Avatar
      Fallguy -
      I was getting tired of all of Apple's "Scare Tactics" they would use towards Jailbreakers . Its about time the truth comes out .
    1. gthugballin's Avatar
      gthugballin -
      I took off my jailbreak the other day lol..w00t time to rejailbreak (maybe) in sort of a mean way i would love for a virus to attack normal UNjailbroken iphones... that way apple can get off their high horse about never getting viruses.
    1. rhekt's Avatar
      rhekt -
      this is something that i have allways suspected. im glad that its being put to the test
    1. hollow0's Avatar
      hollow0 -
      Well well well.. so now the non jailbroken phones are vulnerable? Interesting info. I still have not used the firewall app. I've only changed my ssh password. I'll have to look into this more.
    1. n00neimp0rtant's Avatar
      n00neimp0rtant -
      I think this article is a bit misleading. Of COURSE there can be malicious apps in the App Store. Think about it like this: Beejive, for example, can link your contacts to your screen names, and even read screen names from your contacts. Who's to say that Beejive can't snag ALL of your contact information and upload it to a remote server without even letting you know? (Of course, I have the utmost respect for the developers of Beejive; it's my favorite app from the App Store, I was just using them as an example because that's the first app that came to mind when thinking about apps that use your contacts database.)
    1. confucious's Avatar
      confucious -
      While I think jailbreaking is great, this does have to be one of the least convincing arguments I've ever seen.
    1. Peemcgee's Avatar
      Peemcgee -
      Jailbreaking - 100

      Non-Jailbreaking - 0.1

      aww so close
    1. StealthBravo's Avatar
      StealthBravo -
      Quote Originally Posted by confucious View Post
      While I think jailbreaking is great, this does have to be one of the least convincing arguments I've ever seen.
      I agree. This is weak =P
    1. awesomeSlayer's Avatar
      awesomeSlayer -
      Who keeps spreading the malware on iPhones and iPod touches?!
    1. ecd5000's Avatar
      ecd5000 -
      well this is a fun fact to know, what does apple have to say about this?
      *OFF TOPIC* how is the firewall program?
    1. matthew1111's Avatar
      matthew1111 -
      Go jailbreak security
    1. rwin84's Avatar
      rwin84 -
      Long live Jailbreak
    1. adp's Avatar
      adp -
      Quote Originally Posted by ecd5000 View Post
      well this is a fun fact to know, what does apple have to say about this?
      *OFF TOPIC* how is the firewall program?
      It's great. So far it's detected a few outgoing connections to admob and such websites, from apps that had absolutely no need for data. For example, there was one crappy app in Cydia called "PayUpBro" which I downloaded out of extreme boredom, and immiediately my firewall detected an outgoing connection to admob.com=deleted app.
    1. tudtran's Avatar
      tudtran -
      Jailbreak is awesome. I wish more people would do it.
    1. hollow0's Avatar
      hollow0 -
      Quote Originally Posted by tudtran View Post
      Jailbreak is awesome. I wish more people would do it.
      It is awesome but then no one would have warranties
    1. weazle23's Avatar
      weazle23 -
      cant you just load a stock fw so your warranty will still be good? the only time i ever took mine back was when i bouht the 3g becouse they were out of the 3gs's. took it back within my 30 day trial when they got them in stock. they never even looked at my old phone. i dont really know if theres a way for them to tell if it was previously jailbroken or not. just askin incase i ever have to return it in the future.