X
Tech
Home Tech Hardware

SpyPhone app harvests personal data from stock iPhones

The iPhone app can snag geolocation data, passwords, address book entries and email account information, all using just the public API that Apple has made available to developers.
Written by Ryan Naraine, Contributor

iphonedisassembly.jpg
Over on Threatpost.com, Dennis Fisher has the skinny on a new iPhone app that is capable of harvesting huge amounts of personal data from stock iPhones, including geolocation data, passwords, address book entries and email account information, all using just the public API.

The app, called SpyPhone, is the handiwork of Nicolas Seriot, a Swiss iPhone app developer who found a way to abuse the public iPhone API that Apple made available for application developers. Fisher reports that SpyPhone does not need any exploits or hardware attacks in order to access the iPhone's data.

Instead, SpyPhone relies on using the iPhone's usability and depth of features to its advantage. Once an application is on an iPhone, it has unfettered access to much of the data and settings on the device, a circumstance that SpyPhone's developer, Nicolas Seriot, exploited.

The developer has posted the source code for SpyPhone online and gave a talk about SpyPhone's capabilities at a security conference this week.

Editorial standards
Show Comments

Related

Placeholder product image alt text

The best AI image generators to try right now

Zoom Workplace

Zoom gets its first major overhaul in 10 years, powered by generative AI

Adobe logo at Adobe Summit

Adobe Premiere Pro's new AI tools blew my mind. Watch them in action for yourself