Friday, November 16, 2007

iPhone Malware Demo Freaking Me Out, Man [Apple]

PopoutMaybe it's the eyes. Don't be too alarmed, but this video shows the iPhone being accessed by terminal using a program installed by a webpage. Since the program, like all unofficial apps, runs as root, they've got access to data stores for mail, call lists, contacts, and voicemail, which are served up via terminal. And no, that guy isn't hacking your ghost with those piercing eyes. I think.

This is why a managed SDK with sandboxed apps like the one Jobs proposes for February is going to be a lot better than opening up the device outright, like it or not. Since this is a hack done via a website, it's likely the 1.1.1 TIFF exploit that can be patched by a) installing Apple's 1.1.2 patch or hacking your 1.1.1 iPhone using the Jailbreakme.com installer website. The guy runs all this on a LAN, knowing IPs, but it wouldn't be hard to have malware ping home, either. Nothing to scoff at, but also not surprising given the unofficial nature of the apps developed so far, and maybe nothing to freak out over. [FC via CrunchHickey]