My other phone is your iPhone

Here's a new 2008 security prediction for you:

The iPhone camera is an odd device. There is no notification that a picture is being taken, so the only requirement for malware is to wait for user activity and then start taking pictures.

My prediction is that malware will be written to do just this and upload it all to a website. The unknowing iPhone user's face will then be auto-BBQ'd (this link is NSFW) and other personal information will also be uploaded to further embarrass the individual.

The malware will likely be injected once Facebook apps start integrating well with the iPhone. Gives new meaning to the phrase, SuperPoke.

All you need to get started on this project is to integrate Metasploit with the iPhone Photo Library framework. A simple class-dump of PhotoLibrary.framework/PhotoLibrary will dump all the libraries, including the necessary CameraController class file. Creating a hidden photo-taking utility or integrating it with malware is easy from this point on.

For more information (and to see where I got some of the ideas), be sure to check out the book, iPhone Open Application Development: Programming an Exciting Mobile Platform, when it becomes available.

Posted by Dre on Sunday, January 27, 2008 in Apple, Hacking, Privacy, Security and Tech.

