By Victor Ng | Dec 19, 2008
It wasn't until recently - January 2008, to be exact, if memory doesn't fail me - that iPhone users encountered malware issues. Now, F-Secure Security Response Labs has reported the first known instance of iPhone spyware.
Called Mobile Spy, this piece of commercial software sells for US$99 a year.
Acording to F-Secure, Mobile Spy targets iPhone 3G users. It can secretly record all incoming or outgoing SMS messages, as well as the call history of any iPhone it's installed on.
This information is then uploaded to a remote server at various intervals, to be viewed via any Internet-connected device (PC or mobile) with a web browser.
Chia Wing Fei, Security Response Manager at F-Secure, said: "We have seen commercial smartphone spyware for Windows Mobile and Symbian operating system for years. However, Mobile Spy is the first spyware targeting Apple's iPhone."
"This doesn't use an exploit or a vulnerability. You won't get it from a drive-by-download or an e-mail," says Fei. "It requires a certain amount of work and physical access to the device to make this happen."
Another vendor, known as Flexispy, is launching a similar program on 21 Dec 2008 that is compatible with both 2G and 3G iPhone. The program can secretly read iPhone SMS messages, email, call records and even GPS locations inside a secure web account.
Both programs require the user to "jailbreak" the iPhone - or hacking its firmware to install unauthorized third-party applications.
F-Secure warned that cybercriminals will likely use commercially available software like Mobile Spy and Flexispy to steal passwords or use iPhone to send spam.
In the beginning
In early 2008, a malicious software application developed by an 11-year-old kid has received wide attention in the telecom world. What appeared to be a legitimate iPhone application - “iPhone firmware 1.1.3 prep” - turned out to be a piece of malicious software intended to ruin functionality on affected phones.
The malware developed by the boy passed itself off as an update for applications, which iPhone users can access using the installer.app feature. After a user downloaded and installed the file via the iPhone’s installer.app, the malware displayed the word “shoes” and proceeded to remove files critical to iPhone functionality.
The boy’s ISP was informed of the problem, his father was contacted, and the site hosting the malware was taken down.
Though by malware standards the virus was fairly tame, McAfee Avert Labs noted that the piece of software highlights an important security concern with iPhone, albeit one that depends entirely on the help of iPhone-jailbreaking users. McAfee recommended users only acquire software only from trusted sources and install only official firmware updates.
Links:
[1] http://www.searchsecurityasia.com/content/discovered-first-iphone-spyware#comment
[2] http://www.facebook.com/share.php?u=http://www.searchsecurityasia.com/content/discovered-first-iphone-spyware
[3] http://www.linkedin.com/shareArticle?mini=true&url=http://www.searchsecurityasia.com/content/discovered-first-iphone-spyware&title=Discovered - first iPhone spyware&summary=The first known instance of iPhone spyware has been spotted. Called Mobile Spy, it is a piece of commercial software that sells for US$99 a year.&source=searchsecurityasia.com
[4] http://del.icio.us/post?url=http://www.searchsecurityasia.com/content/discovered-first-iphone-spyware&title=Discovered - first iPhone spyware
[5] http://www.digg.com/submit?url=http://www.searchsecurityasia.com/content/discovered-first-iphone-spyware&title=Discovered - first iPhone spyware&bodytext=The first known instance of iPhone spyware has been spotted. Called Mobile Spy, it is a piece of commercial software that sells for US$99 a year.
[6] http://www.searchsecurityasia.com/forward?path=node/5464
[7] http://www.searchsecurityasia.com/print/5464
1 comments
Facebook
LinkedIn
Digg
