A couple of days ago we told you that this year, the Black Hat conference is all about iPhone app malware. Following up on that story, Nicolas Seriot, a Swiss expert, has created an iPhone app called SpyPhone to demonstrate exactly how easy it is to spread malware through the App Store and compromise the security of our data on the iPhone.
You would only have to launch the app once, and the hacker has access to your Safari history, last recorded GPS position, keyboard cache, email inbox, everything.
Seriot invites all iPhone users to be very careful about what apps they install. In other words, don’t just go on an app spree, because hiding the malicious code is extremely easy. The only solution for Apple would be to implement security profiles and ask each developer to indicate exactly what resources are used by the application.
“It turns out that the full Address Book is readable without the user’s knowledge or consent,” Seriot wrote in a white paper (PDF) on the subject.
As stated before, the Black Hat conference unites the best hackers from around the world, who are committed to piercing systems in order to enable organizations to improve the safety of their devices. So we can only wait and see if Apple will accept the help and advice of such a community, because even though you might think something like this is far-fetched, it could happen to each and every one of us at any given time just by downloading a simple app from the App Store. Maybe a “free for only 24h” app…