Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
12-08-2009, 11:15 AM #1
Non-Jailbroken iPhones More Vulnerable to Malware: Study
Slashdot reported last week on research published by Swiss iPhone developer Nicolas Seriot about security holes in unjailbroken - that's UNjailbroken - iPhones that could potentially compromise email accounts, browser history and even keytaps held in cache. The closed and unmodifiable nature of the stock iPhone OS means that malware could be carried by any app: even one legitimately purchased and downloaded from the App Store.
In a talk on iPhone privacy in Geneva, Seriot described how a malicious application could harvest personal data on a non-jailbroken iPhone (PDF) without using private APIs. The presentation makes several suggestions to Apple on how to make the native iPhone environment more secure. For one thing, Seriot asserts that the keyboard cache on iPhones should be a OS service rather than being easily available to any app. He also recommends that the WiFi connection history be better hidden, and that the App Store reviews process be expanded to search for potential misuse of data.
Seriot also makes the case that jailbroken iPhones can actually be more secure than stock iPhones, for the simple reason that jailbreakers have access to firewall software. The iPhone worms that were in the news not too long ago made headlines because they attacked jailbroken iPhones, but only those which still had the default SSH password. Once secured and running a firewall, jailbroken devices are harder to break into remotely than non-jailbroken iPhones. This, of course, clearly contradicts Apple’s position that jailbroken devices are more vulnerable, and so may encounter resistance in the mainstream industry press.
Users of all iPhones - jailbroken and not - should be wary of programs from untrustworthy developers, according to Seriot: especially professionals like like attorneys, doctors, finance officers who are legally bound to safeguard the privacy of data under their control. Interestingly, he also asserts that user reviews in the App Store are crucial, since customer experiences could save others from attack or validate the integrity of a program. After the recent scandal about faked reviews on the App Store, Apple would do well to keep better control of user feedback: as a security measure, if for no other reason.
image via geardiary.com
Last edited by Paul Daniel Ash; 12-08-2009 at 11:25 AM. Reason: link, typo
The Following User Says Thank You to Paul Daniel Ash For This Useful Post:
12-08-2009, 12:43 PM #2
This is true. But as a jailbreaker I also feel safer with apps such as firewall. This, in conjunction with changing SSH password, is safe enough for me.If I helped you out, please use the Thanks button ------------------------->
12-08-2009, 01:03 PM #3
Just another reason to jailbreak. It's sad that a company with a "Thnk Diff" logo has turned into "THE MAN"....32GB Black 3G[S]
12-08-2009, 01:11 PM #4
I was getting tired of all of Apple's "Scare Tactics" they would use towards Jailbreakers . Its about time the truth comes out .
12-08-2009, 01:28 PM #5
I took off my jailbreak the other day lol..w00t time to rejailbreak (maybe) in sort of a mean way i would love for a virus to attack normal UNjailbroken iphones... that way apple can get off their high horse about never getting viruses.When the police want to know where someone is, they ask apple.
12-08-2009, 01:53 PM #6
this is something that i have allways suspected. im glad that its being put to the testkillall Terminal
12-08-2009, 02:41 PM #7
Well well well.. so now the non jailbroken phones are vulnerable? Interesting info. I still have not used the firewall app. I've only changed my ssh password. I'll have to look into this more.
12-08-2009, 04:00 PM #8
I think this article is a bit misleading. Of COURSE there can be malicious apps in the App Store. Think about it like this: Beejive, for example, can link your contacts to your screen names, and even read screen names from your contacts. Who's to say that Beejive can't snag ALL of your contact information and upload it to a remote server without even letting you know? (Of course, I have the utmost respect for the developers of Beejive; it's my favorite app from the App Store, I was just using them as an example because that's the first app that came to mind when thinking about apps that use your contacts database.)
12-08-2009, 04:31 PM #9
While I think jailbreaking is great, this does have to be one of the least convincing arguments I've ever seen.He who asks a question looks foolish for 5 minutes. He who doesn't ask a question remains foolish forever.
12-08-2009, 04:48 PM #10
Jailbreaking - 100
Non-Jailbreaking - 0.1
aww so close
The Following User Says Thank You to Peemcgee For This Useful Post:
12-08-2009, 06:00 PM #11
12-08-2009, 07:34 PM #12
Who keeps spreading the malware on iPhones and iPod touches?!Asking for help is different from being stupid. Fanboys can rot in @#$%!
12-08-2009, 11:00 PM #13
well this is a fun fact to know, what does apple have to say about this?
*OFF TOPIC* how is the firewall program?Originally Posted by ??????
12-09-2009, 07:07 AM #14
12-09-2009, 09:50 AM #15
Long live JailbreakThis is getting a lil' ridiculous...
12-09-2009, 06:43 PM #16
If I helped you out, please use the Thanks button ------------------------->
12-09-2009, 09:18 PM #17
Jailbreak is awesome. I wish more people would do it.
12-12-2009, 12:05 PM #18
12-12-2009, 01:58 PM #19
cant you just load a stock fw so your warranty will still be good? the only time i ever took mine back was when i bouht the 3g becouse they were out of the 3gs's. took it back within my 30 day trial when they got them in stock. they never even looked at my old phone. i dont really know if theres a way for them to tell if it was previously jailbroken or not. just askin incase i ever have to return it in the future.