A security researcher at the Black Hat conference in Washington DC has claimed that major flaws exist in the Apple iPhone.
Nicolas Seriot said that the smartphone contains serious vulnerabilities which could allow attackers and malware developers to craft applications that steal user data, such as recent calls and locations.
"Overall security improves with each new iPhone version, but some basic security principles are still not correctly implemented, in particular the least-privilege principle, the deny-by-default principle and a recognition that it is dangerous for Apple to deny the existence of vulnerabilities," Seriot wrote in a paper entitled iPhone Privacy (PDF).
Seriot argued that Apple should acknowledge the flaws, implement better protection of the iPhone's cache files and develop an outbound firewall to block the transmission of stolen data.
The researcher warned iPhone users to keep a close eye on what they install on the handset, including third-party software from Apple's App Store.
"Consumers should be aware that iPhone security is far from perfect, and that a piece of software downloaded from the App Store may still be harmful," he wrote.
"As a basic precaution, users should regularly clean the browser's recent searches and the keyboard cache in 'Settings'."
No comments:
Post a Comment