iPhone Privacy Not All That it Claims?

According to research from security expert and software engineer Nicolas Seriot – a man you can read about here – iPhone privacy may not be all that it’s cracked up to be. Speaking at the Black Hat Conference, which focuses on technical security, in Washington DC this week, Seriot made a number of claims.

Nicolas Seriot's findings will interest many iPhone users and Apple execs.

According to reports this morning, the Lausanne-based engineer said that Apple’s sandboxing technology restricts iPhone applications’ access to operating system resources with a list of deny/allow rules at the kernel level, but these and other permissions are “way too loose,” and “Apple should not claim that an application cannot access data from another application,” said Seriot, who also works as an iPhone programming trainer at a company called Sen:te.

The PCWorld report went on to note that Seriot cited a number of iPhone apps, including one called Aurora Feint and another called mogoRoad, that made it into Apple’s App Store before being de-listed for privacy violations involving the harvesting of iPhone users’ contacts, e-mails and phone numbers. Apple reviewers can be fooled, and the likelihood of this continuing to occur appears high, especially as the iPhone, now at about 34 million devices in the market, becomes an increasingly appealing target for hackers, he was quoted as saying.

Seriot is examining these kinds of issues for some Swiss financial institutions that want to know about iPhone security and privacy. About 8% of iPhones today are believed to be “jailbroken,” meaning the user has effectively disabled controls in order to run whatever software he wants, not just what’s available in the App Store, and malware aimed at them is starting to grow.

Separate from the jailbreak issue, Seriot has found in his own investigation that sensitive personal data can be picked up just by building an application using the known iPhone APIs. Seriot said he thinks Apple should build something akin to an application firewall for the iPhone, so that the user is informed when certain actions start to occur, such as an app trying to edit the address book, and can prevent them from happening.

One Response to “iPhone Privacy Not All That it Claims?”

  1. Reza Says:

    hi, nice article, thanks for sharing
