Security researchers are claiming to have found a way to run non-approved code on iPhones that have not been jailbroken. Charles Miller, a principal analyst at Independent Security Evaluators, and Vincenzo Iozzo, a student at the University of Milan in Italy, have discovered “more than one” technique for loading an application into a factory iPhone as a non-executable chunk of data, which then flicks over to an executable and could potentially be used to monitor the smartphone, listen in on calls or harvest user data.
“If you want to attack iPhones, you have to be able to run code to do whatever it is you want to do. Maybe that is grabbing credentials, maybe it is listening into phone calls, maybe it is turning on the microphone. Who knows? But this all requires that you be able to run code” Charles Miller
Unlike jailbreaking an iPhone, which usually requires physical access to the handset, this new system will work remotely. Apple’s security software – which was bolstered for the launch of the App Store, to prevent copied or pirated apps from being used – usually prevents such exploits, but Miller and Iozzo found several loopholes.
The attack will be demonstrated at the Black Hat Conference in Las Vegas next month. At present it works with iPhone OS 2.0, which is the version Miller and Iozzo developed it on; they’re unclear whether Apple will have addressed the exploit in iPhone OS 3.0, which is set for release on June 17th.