SpyPhone app harvests personal data from stock iPhones

Summary:The iPhone app can snag geolocation data, passwords, address book entries and email account information, all using just the public API that Apple has made available to developers.

Over on Threatpost.com, Dennis Fisher has the skinny on a new iPhone app that is capable of harvesting huge amounts of personal data from stock iPhones, including geolocation data, passwords, address book entries and email account information, all using just the public API.

The app, called SpyPhone, is the handiwork of Nicolas Seriot, a Swiss iPhone app developer who found a way to abuse the public iPhone API that Apple made available for application developers. Fisher reports that SpyPhone does not need any exploits or hardware attacks in order to access the iPhone's data.

Instead, SpyPhone relies on using the iPhone's usability and depth of features to its advantage. Once an application is on an iPhone, it has unfettered access to much of the data and settings on the device, a circumstance that SpyPhone's developer, Nicolas Seriot, exploited.

The developer has posted the source code for SpyPhone online and gave a talk about SpyPhone's capabilities at a security conference this week.

Topics: Hardware, iPhone, Mobility, Smartphones

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.