Python Blog

From Al Lukaszewski, for About.com

iPhone: A Perfect Portable Hacking Platform

Monday October 8, 2007
Despite the various pros of the N800 (including above all extensibility with Python) and the cons of the iPhone detailed previously, a lot of iPhones have sold. You, your users, and their colleagues and friends will be using them and may be at risk.

One of the ways that Apple apparently kept the iPhone's system overhead low is by discarding (or keeping to an absolute minimum) user permissions and letting all applications run as root (roughly equivalent to the Windows 'Administrator' login). Consequently, a chink in the armour of any application on the iPhone gives an attacker full root privileges over the entire device. The iPhone's administrative password has already been cracked, having been deciphered three days after the phone's launch. Cybercrooks may now compile exploits for any of the iPhone's applications and use them to steal or spy, turning the phone into a remote listening device (aka 'bug') or a remote platform for wireless attacks. As H.D. Moore has noted:
"A rootkit takes on a whole new meaning when the attacker has access to the camera, microphone, contact list and phone hardware. Couple this with 'always-on' Internet access over EDGE and you have a perfect spying device."
Mobile attacks are therefore a very real threat now. Sure, your program may pull values from your network, but where is the network getting those values and are they influenced at all by a user? Programming for security has always meant not trusting the values your program accepts from its environment, but now it is at least doubly important to test them.
©2009 About.com, a part of The New York Times Company.

All rights reserved.