The popular Apple iPhone smartphone may be at risk from a security vulnerability that affects even those models that haven't been hacked, or "jailbroken," according to new findings from a Swiss software engineer.
Nicolas Seriot, an iPhone developer, presented his findings during a conference in Geneva on iPhone privacy. According to his research, malware could exploit a previously unknown hole to access a user's e-mail accounts, Safari and YouTube searches, keyboard cache content, and the Wi-Fi connection logs.
Most hacks that affect the iPhone target phones that have been unlocked with "jailbreak" utilities, programs that break Apple's control over the phone and allow the use of applications not authorized or downloaded through the App Store.
Jailbreaking is also a common means of running the iPhone on networks that don't support it. Before Apple launched the iPhone in Asia, there was a major gray market of jailbroken iPhones for use with local carriers there.
Evidently, however, even iPhones fresh off the shelf could be vulnerable, according to Seriot, who showed how a malicious application could gather personal data from an iPhone without using private APIs.
In his presentation (available in PDF format), Seriot indicates that he believes portions of the iPhone subsystems are simply not secured. Instead, functions including phone information and the file system can be accessed by making the right calls to variables.
Based on his conclusions, a malicious app is free to move around all it wants once inside the system -- reading a user's address book, stealing their phone number, viewing their browser history, and culling other private data from the device.
Apple did not respond to requests for comment.
Seriot also said that unlike the transmission methods popular among PC malware, iPhone trojans will make their way to the device by way of the Apple App Store.
"Reviewers can be fooled," he noted in his presentation, where he described the App Store as "a filter with false negatives."
"Spyware ... can be clever, and Objective-C['s] dynamic nature does not help the reviewers," he added.
He recommended Apple implement different levels of privileges to access iPhone internals, and that access be denied by default.
He also suggested that users be prompted to authorize read or read-write access to the Address Book, that the Wi-Fi connection history shouldn't be readable by a mobile user, that the keyboard cache should be an OS service, and that the iPhone should feature an outgoing firewall.
Andy Patrizio is a senior editor at InternetNews.com. Based in the San Francisco Bay Area, Andy covers datacenter, PC, and mobile hardware.