Thread: Beware The Rogue App

  1. #1
    MMi Staff Writer Michael Essany's Avatar
    Join Date
    Aug 2009
    Location
    Valparaiso, Indiana
    Posts
    3,822
    Thanks
    17
    Thanked 1,480 Times in 566 Posts

    Beware The Rogue App


    It sounds like a lame character from one too many X-Men sequels. But the concept of a "rogue app" is a reality for many. We've all stumbled across more than a few suspicious iPhone applications that make one wonder if the folks behind the app have ulterior motives for rolling it out.

    Making bold claims and accusations against the purveyors of malicious applications is Nicolas Seriot from the Swiss University of Applied Sciences. Nick is speaking today in Washington DC at Black Hat DC 2010. His argument? Be afraid. Be very afraid. More importantly, however, be cautious. Be very cautious.

    This presentation will discuss iPhone privacy issues and challenge Apple's stance and assertions regarding iPhone security. The presentation will also show how a rogue application can access substantial quantities of personal data on an unmodified device and expose how it could go unnoticed in spite of AppStore tight reviews.
    During the presentation, the text and video of which are expected to be released later, Seriot wasted no time extolling the dangers of otherwise "harmless apps" that harbor unsavory secrets - namely, their ability to spy on you and soak up personal and highly sensitive data - all of which could fall into the wrong hands at the right price.

    Proof? Seriot, a software engineer in his own right, created spyware called "SpyPhone" which has proven to successfully access everything from Safari searches to sensitive e-mail account information like username and password. It's a cyber thief's dream and a stalker's paradise. For the rest of us, however, it's a nightmare waiting to happen.

    What's the point of all this? To raise our level of consciousness about the dangers of the App Store. Should we tremble over the theories proposed by Seriot? Of course not. But it is about time for many of us to rouse ourselves from a state of security complacency and realize that legitimate dangers are prowling the App Store, and Apple is simply incapable of doing all the protection for us. Often times, we have to do it ourselves.
    Last edited by Michael Essany; 02-03-2010 at 12:33 PM.

  2. The Following 3 Users Say Thank You to Michael Essany For This Useful Post:

    evilmojofcs (02-04-2010), nrowensby (02-04-2010), reaves205 (02-03-2010)

  3. #2
    It's true.
    The iPhone does need a revamp in security to remain safe.
    Jailbreakers can take extra steps toward security than OTB users though. I'm thankful for that.

  4. #3
    Green Apple jd1992's Avatar
    Join Date
    Jan 2010
    Location
    New York
    Posts
    43
    Thanks
    1
    Thanked 1 Time in 1 Post
    soooo..what do we do ? lol idk you always hear things like this and suddenly the hype dies so I'm not too worried

  5. #4
    Green Apple
    Join Date
    Dec 2008
    Location
    Boston, MA
    Posts
    52
    Thanks
    5
    Thanked 1 Time in 1 Post
    Spell check needed? :-)
    You spelled Beware wrong in the Photo for the article. :-) Bewware...not sure if that was on purpose as a play on Rogue apps?

  6. #5
    Livin the iPhone Life Bernie-Mac's Avatar
    Join Date
    Aug 2007
    Location
    Las Vegas, NV
    Posts
    1,533
    Thanks
    162
    Thanked 136 Times in 95 Posts

    Quote Originally Posted by Plotkin35 View Post
    You spelled Beware wrong in the Photo for the article. :-) Bewware...not sure if that was on purpose as a play on Rogue apps?
    wow
    iLive an iLife

  7. #6
    MMi Staff Writer Michael Essany's Avatar
    Join Date
    Aug 2009
    Location
    Valparaiso, Indiana
    Posts
    3,822
    Thanks
    17
    Thanked 1,480 Times in 566 Posts

    Totally meant to do that NOT. Thanks for catching my sticky double W keyboard

  8. #7
    Interesting
    I'd be interested to know how a hacker would go about doing this since Apple supposedly doesn't allow multitasking. So it's obviously not recording keystrokes/touches... I wonder if he/she's somehow able to modify the 'Allow app to use current location' function to get more than just the GPS data to grab said sensitive data. Very creative, unfortunately how is anyone able to know if they've even downloaded a corrupt app.

  9. #8
    Livin the iPhone Life sziklassy's Avatar
    Join Date
    Jan 2008
    Location
    Iowa (ISU for Vet School!)
    Posts
    3,920
    Thanks
    69
    Thanked 310 Times in 264 Posts

    Things like this just go to prove that no system is completely safe. Apple has touted how it has the safest OS ever. The fact of the matter is it has been the safest because frankly nobody cared. MANY people worldwide can be affected by attacking the iPhone OS, so hackers are much more interested. For every hole that is patched up another is found, as should be crystal clear with jailbreaking and unlocking...
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------
    I once prayed to God for an iPhone, but quickly found out He didn't work that way...so I stole an iPhone and prayed for His forgiveness.

    A dog is the only thing on earth that loves you more than you love yourself. - Josh Billings

  10. #9
    Green Apple
    Join Date
    Jan 2008
    Location
    Auckland, New Zealand
    Posts
    35
    Thanks
    3
    Thanked 2 Times in 2 Posts

    Isn't this the whole justification for the Apple closed shop approval process? I thought Apple was vetting all apps so the world would be safe? If bad stuff is getting thru then Apple's justification for its war against jail breaking loses some of its credibility.

  11. #10
    Does this refer to the apps that talk to the network all of the time? Those are the apps that kill the battery life and are so annoying. Case in Point: New York Times app. I'll have the phone locked, and I hear constant GSM interference which tells me that the app is still talking to the net. I even turned Fetch/Push off and it still did it. I noticed when I deleted the app, the battery life increased and the GSM interference was gone...I know there are more apps like that. Would that be a security threat secretly talking to the devs??

  12. #11
    I don't buy it.

    He says he created iPhone spyware. I could say that I created iPhone spyware too. Where is it? How many phones is it on? Where's the proof that it ever existed and that even a single person ever had it on their phone, and furthermore, that it actually worked and retrieved data for him? And then we would need proof that it was on the App Store, successfully approved by Apple regardless of the malicious code within.

    Sounds like Chicken Little to me.

    Besides, how many people actually have useful info on their phones that these questionable app makers would be after? I bet virtually none. If anyone wanted to take all the time required to sift through my emails or listen to all my conversations or view my browsing habits, be my guest. They won't find anything useful. I'm sure this is the case with 99% of iPhone users. Anybody willing to use things like credit card numbers over cellular data waves is already taking risks and knows what they're getting themselves into (I hope). The worst 'rogue app' coders could do is get passwords to websites, like this one. OMG, somebody's going to come on here and post in my name! The world is over, oh noes! Pfft.

  13. #12
    Quote Originally Posted by Sevael View Post
    I don't buy it.

    He says he created iPhone spyware. I could say that I created iPhone spyware too. Where is it? How many phones is it on? Where's the proof that it ever existed and that even a single person ever had it on their phone, and furthermore, that it actually worked and retrieved data for him? And then we would need proof that it was on the App Store, successfully approved by Apple regardless of the malicious code within.

    Sounds like Chicken Little to me.

    Besides, how many people actually have useful info on their phones that these questionable app makers would be after? I bet virtually none. If anyone wanted to take all the time required to sift through my emails or listen to all my conversations or view my browsing habits, be my guest. They won't find anything useful. I'm sure this is the case with 99% of iPhone users. Anybody willing to use things like credit card numbers over cellular data waves is already taking risks and knows what they're getting themselves into (I hope). The worst 'rogue app' coders could do is get passwords to websites, like this one. OMG, somebody's going to come on here and post in my name! The world is over, oh noes! Pfft.
    I think more to the point is that this can be done through the official SDK and even if it gets ONE credit card number, or password to a corporate site, things can go from bad (the fact that these things were used over unsecure channels) to worse where they're being exploited.

    This could even be in something like the Foxtel app which was always claimed to take your phone number and surfing habits. It has the potential of passing the AppStore scrutiny and getting onto Joe Blogs phone who got the phone because he was cool and wasn't smart or "geeky" enough to know how to be security conscious.

    Not everyone's like you where they have very little to hide and the fact is, there are places and/or people out there that would want to pay for this kind of semi private info that could potentially be personally identifiable. I don't care if it's my IBM work contacts or my girlfriend's number, location and date of birth, they shouldn't be able to get that PERIOD.

  14. #13
    iPhone? More like MyPhone badass1469's Avatar
    Join Date
    Aug 2008
    Location
    California
    Posts
    199
    Thanks
    4
    Thanked 27 Times in 15 Posts

    lol wen u download corrupted data it wont work and it will tell u its corrupted, as for a virus/spyware theres not much to do to find out if u have dl'ed it
    damn drug dealers, and there jailbroken iPhones... ____ Hit the thanks if you think i suck

  15. #14
    Quote Originally Posted by Sevael View Post
    I don't buy it.

    He says he created iPhone spyware. I could say that I created iPhone spyware too. Where is it? How many phones is it on? Where's the proof that it ever existed and that even a single person ever had it on their phone, and furthermore, that it actually worked and retrieved data for him? And then we would need proof that it was on the App Store, successfully approved by Apple regardless of the malicious code within.

    Sounds like Chicken Little to me.

    Besides, how many people actually have useful info on their phones that these questionable app makers would be after? I bet virtually none. If anyone wanted to take all the time required to sift through my emails or listen to all my conversations or view my browsing habits, be my guest. They won't find anything useful. I'm sure this is the case with 99% of iPhone users. Anybody willing to use things like credit card numbers over cellular data waves is already taking risks and knows what they're getting themselves into (I hope). The worst 'rogue app' coders could do is get passwords to websites, like this one. OMG, somebody's going to come on here and post in my name! The world is over, oh noes! Pfft.
    First of all, his iPhone spyware app is probably a proof of concept you dumb ****.

    Second of all, people could have a lot of sensitive info on their iPhone. Depending what they do with it, they could have credit card information, bank account information, people's phone numbers, addresses, etc. Most people's iTunes account is linked to a credit card account... Ever heard of identity theft?

  16. #15
    Livin the iPhone Life mortopher's Avatar
    Join Date
    Jul 2009
    Location
    Pittsford, NY via Dallas, TX
    Posts
    2,741
    Thanks
    549
    Thanked 622 Times in 346 Posts

    Hmmm now I want to know what that official white house app actually does!

  17. #16
    Livin the iPhone Life adp's Avatar
    Join Date
    Jan 2009
    Location
    South FL
    Posts
    1,789
    Thanks
    32
    Thanked 460 Times in 321 Posts

    Quote Originally Posted by Sevael View Post
    I don't buy it.

    He says he created iPhone spyware. I could say that I created iPhone spyware too. Where is it? How many phones is it on? Where's the proof that it ever existed and that even a single person ever had it on their phone, and furthermore, that it actually worked and retrieved data for him? And then we would need proof that it was on the App Store, successfully approved by Apple regardless of the malicious code within.

    Sounds like Chicken Little to me.

    Besides, how many people actually have useful info on their phones that these questionable app makers would be after? I bet virtually none. If anyone wanted to take all the time required to sift through my emails or listen to all my conversations or view my browsing habits, be my guest. They won't find anything useful. I'm sure this is the case with 99% of iPhone users. Anybody willing to use things like credit card numbers over cellular data waves is already taking risks and knows what they're getting themselves into (I hope). The worst 'rogue app' coders could do is get passwords to websites, like this one. OMG, somebody's going to come on here and post in my name! The world is over, oh noes! Pfft.
    Wow you're really informed. Just because you have no life doesn't mean you can assume everyone else is like you. People have pictures, passwords, e-mails (which contain private info) which leads to identity theft. You're probably not old enough to realize how much that can cost you for the rest of one's life. There's apps that people use on the phones such as mSecure which stores passwords, credit card info, driver license #'s, etc. You might not find it useful but other people do. So stop making generalizations like if you were some kind of life scientist who knows every statistic about humanity.
    If I helped you out, please use the Thanks button ------------------------->

  18. #17
    MMi's "X" Member awesomeSlayer's Avatar
    Join Date
    May 2008
    Location
    Dragonspiral Tower in 3DS
    Posts
    4,524
    Thanks
    114
    Thanked 347 Times in 259 Posts

    This guy sounds like a douche b@g. Seriously, why in the he11 would someone create an application just to grab personal info? Stupid spyware creators...
    Last edited by awesomeSlayer; 02-03-2010 at 09:57 PM.
    Asking for help is different from being stupid. Fanboys can rot in @#$%!

  19. #18
    Green Apple Nehal3m's Avatar
    Join Date
    Feb 2010
    Location
    California
    Posts
    66
    Thanks
    3
    Thanked 3 Times in 3 Posts

    Oh wow. I guess now we actually have to be on the lookout for downloading suspicious apps. But then, I really doubt it. How many of us here actually use the App Store these days?

  20. #19
    Quote Originally Posted by Nehal3m View Post
    Oh wow. I guess now we actually have to be on the lookout for downloading suspicious apps. But then, I really doubt it. How many of us here actually use the App Store these days?
    I'd be more worried about downloading spyware apps off Cydia than AppStore

  21. #20
    Green Apple Nehal3m's Avatar
    Join Date
    Feb 2010
    Location
    California
    Posts
    66
    Thanks
    3
    Thanked 3 Times in 3 Posts

    Quote Originally Posted by bengo View Post
    I'd be more worried about downloading spyware apps off Cydia than AppStore
    Honestly, I think the only way apps on Cydia are spyware is if the developer meant it to be or you just downloaded it from a strange repo.

    But then, I don't download a lot of things off of Cydia anyways.
