Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
Thread: Beware The Rogue App
02-03-2010, 11:46 AM #1
Beware The Rogue App
It sounds like a lame character from one too many X-Men sequels. But the concept of a "rogue app" is a reality for many. We've all stumbled across more than a few suspicious iPhone applications that make one wonder if the folks behind the app have ulterior motives for rolling it out.
Making bold claims and accusations against the purveyors of malicious applications is Nicolas Seriot from the Swiss University of Applied Sciences. Nick is speaking today in Washington DC at Blac Hat DC 2010. His argument? Be afraid. Be very afraid. More importantly, however, be cautious. Be very cautious.
This presentation will discuss iPhone privacy issues and challenge Apple's stance and assertions regarding iPhone security. The presentation will also show how a rogue application can access substantial quantities of personal data on an unmodified device and expose how it could go unnoticed in spite of AppStore tight reviews.
Proof? Seriot, a software engineer in his own right, created spyware called "SpyPhone" which has proven to successfully
access everything from Safari searches to sensitive e-mail account information like username and password. It's a cyber
thief's dream and a stalker's paradise. For the rest of us, however, it's a nightmare waiting to happen.
What's the point of all this? To raise our level of consciousness about the dangers of the App Store. Should we tremble over the theories proposed by Seriot? Of course not. But it is about time for many of us to rouse ourselves from a state of security complacency and realize that legitimate dangers are prowling the App Store, and Apple is simply incapable of doing all the protection for us. Often times, we have to do it ourselves.
Last edited by Michael Essany; 02-03-2010 at 12:33 PM.
02-03-2010, 12:00 PM #2
The iPhone does need a revamp in security to remain safe.
Jailbreakers can take extra steps toward security than OTB users though. I'm thankful for that.
02-03-2010, 12:06 PM #3
soooo..what do we do ? lol idk you always hear things like this aand suddenly the hype dies so im not to worried
02-03-2010, 12:09 PM #4Spell check needed? :-)
You spelled Beware wrong in the Photo for the article. :-) Bewware...not sure if that was on purpose as a play on Rogue apps?
02-03-2010, 12:29 PM #5
02-03-2010, 12:34 PM #6
Totally meant to do that NOT. Thanks for catching my sticky double W keyboard
02-03-2010, 12:49 PM #7Interesting
I'd be interested to know how a hacker would go about doing this since Apple supposedly doesn't allow multitasking. So it's obviously not recording keystrokes/touches... I wonder if he/she's some how able to modify the 'Allow app to use current location' function to get more than just the GPS data to grab said sensitive data. Very creative, unfortunately how is any one able to know if they've even downloaded a corrupt app.
02-03-2010, 01:30 PM #8
Things like this just go to prove that no system is completely safe. Apple has touted how it has the safest OS ever. The fact of the matter is it has been the safest because frankly nobody cared. MANY people worldwide can be effected by attacking the iPhone OS, so hackers are much more interested. For every hole that is patched up another is found, as should be crystal clear with jailbreaking and unlocking...------------------------------------------------------------------------------------------------------------------------------------------------------------------
I once prayed to God for an iPhone, but quickly found out He didn't work that way...so I stole an iPhone and prayed for His forgiveness.
A dog is the only thing on earth that loves you more than you love yourself. - Josh Billings
02-03-2010, 01:30 PM #9
Isn't this the whole justification for the Apple closed shop approval process? I thought Apple was vetting all apps so the world would be safe? If bad stuff is getting thru then Apple's justification for it war against jail breaking losses some of it's creditability.
02-03-2010, 01:45 PM #10
Does this refer to the apps that talk to the network all of the time? Those are the apps that kill the battery life and is so annoying. Case in Point: New York Tines app. I'll have the phone locked, and i hear constant GSM interference which tells me that the app is still talking to the net. I even turned Fetch/Push off and it still did it. I noticed when I deleted the app, the battery life increased and the GSM interference was gone...I know there are more apps like that. Would that be a security threat secretly talking to the devs??
02-03-2010, 02:02 PM #11
I don't buy it.
He says he created iPhone spyware. I could say that I created iPhone spyware too. Where is it? How many phones is it on? Where's the proof that it ever existed and that even a single person ever had it on their phone, and furthermore, that it actually worked and retrieved data for him? And then we would need proof that it was on the App Store, successfully approved by Apple regardless of the malicious code within.
Sounds like Chicken Little to me.
Besides, how many people actually have useful info on their phones that these questionable app makers would be after? I bet virtually none. If anyone wanted to take all the time required to sift through my emails or listen to all my conversations or view my browsing habits, be my guest. They won't find anything useful. I'm sure this is the case with 99% of iPhone users. Anybody willing to use things like credit card numbers over celluar data waves is already taking risks and knows what they're getting themselves into (I hope). The worst 'rogue app' coders could do is get passwords to websites, like this one. OMG, somebody's going to come on here and post in my name! The world is over, oh noes! Pfft.
02-03-2010, 03:31 PM #12
This could even be in something like the Foxtel app which was always claimed to take your phone number and surfing habits. It has the potential of passing the AppStore scrutiny and getting onto Joe Blogs phone who got the phone because he was cool and wasn't smart or "geeky" enough to know how to be security conscious.
Not everyone's like you where they have very little to hide and the fact is, there are places and/or people out there that would want to pay for this kind of semi private info that could potentially be personally identifiable. I don't care if it's my IBM work contacts or my girlfriends number, location and date of birth, they shouldn't be able to get that PERIOD.
02-03-2010, 04:26 PM #13
lol wen u download corrupted data it wont work and it will tell u its corrupted, as for a virus/spyware theres not much to do to find out if u have dl'ed itdamn drug dealers, and there jailbroken iPhones... ____ Hit the thanks if you think i suck
02-03-2010, 05:57 PM #14
Second of all, people could have a lot of sensitive info on their iPhone. Depending what they do with it, they could have credit card information, bank account information, people's phone numbers, addresses, etc. Most people's iTunes account is linked to a credit card account... Ever heard of identity theft?
02-03-2010, 06:23 PM #15
Hmmm now I want to know what that official white house app actually does!
02-03-2010, 06:28 PM #16
If I helped you out, please use the Thanks button ------------------------->
02-03-2010, 07:17 PM #17
This guy sounds like a douche b@g. Seriously, why in the he11 would someone create an application just to grab personal info? Stupid spyware creators...
Last edited by awesomeSlayer; 02-03-2010 at 09:57 PM.Asking for help is different from being stupid. Fanboys can rot in @#$%!
02-03-2010, 10:46 PM #18
Oh wow. I guess now we actually have to be on the lookout for downloading suspicious apps. But then, I really doubt it. How much of us here actually uses the App Store these days?
02-03-2010, 11:28 PM #19
02-03-2010, 11:46 PM #20