Swiss iPhone developer Nicolas Seriot has published research on security loopholes in the iPhone that could give attackers a way to steal data even from stock (non-jailbroken) iPhones. Email accounts, keyboard entries held in cache and browser history files are all potentially exposed by a malicious app, even if it is downloaded from the App Store. In a talk on iPhone privacy in Geneva last night, Nicolas Seriot showed how a malicious application could harvest personal data on a non-jailbroken iPhone (PDF) without using private APIs. It turns out that the email accounts, the keyboard cache content and the WiFi connection logs are fully accessible. The talk makes several recommendations. There is also a demo project on GitHub.
In his presentation, Seriot suggests to Apple that the keyboard cache on iPhones should be an OS service and not so readily available to applications, and that Wi-Fi connection history ought to be better hidden. Seriot concludes that although the iPhone is still more secure than other platforms, sandboxing and App Store reviews are necessary and ought to be improved. Seriot also advised iPhone users not to run apps they can't trust, especially if they are required by law to keep secrets (banking, attorneys, medical, police).
Mr. Seriot advocated a native firewall app for the iPhone to make it safer, so we can say a jailbroken iPhone is safer than a non-jailbroken iPhone. Huh! Why? Because jailbroken iPhones and iPod Touches already have a firewall option. Yes, we aren't joking, check here. Apple advertised that jailbroken iPhones are more vulnerable; yes, they are, but only if you haven't changed the default SSH password.
We already covered the iKee Worm, iPhone/Privacy.A and iBotnet.A, but the only people who were vulnerable were people who had jailbroken their phones, turned on SSH services, and neglected to change their root password. A small workaround, changing the default password, can make your iPhone as safe as normal. We published a guide to changing your default SSH password; if you missed it, check Secure Your Jailbroken iPhone and Change your Default Password.