Spyphone App - Proof of concept



A Swiss iPhone developer has unveiled a new application that is capable of harvesting huge amounts of personal data from iPhones, including geolocation data, passwords, address book entries and email account information, images, Safari browsing history, YouTube, keyboard logger, etc., all using just the public API exposed by Apple’s SDK.

In order to work, this application, SpyPhone, does not need any exploits, jailbreaking/firmware modification or attacks to access the iPhone’s data. Instead, SpyPhone relies on using the iPhone’s usability and depth of features to its advantage. Once an application is on an iPhone, it has unrestricted access to a large amount of the data and settings available on the device.

Seriot, the application developer, has posted the source code for SpyPhone online and gave a detailed talk on iPhone Privacy at a security conference earlier this week.

The Worst Part: SpyPhone is more like a Trojan sitting in your OS silently and stealing data. All of the SpyPhone’s operations are executed in the background, without the knowledge of the iPhone’s owner, and just like any other Trojan, the application can be set to email reports on each infected phone back to the attacker.

And when this kind of app makes it to the App Store, it becomes a serious issue. And who knows if “one of those spyware apps” already has SpyPhone-like features.

Sources:

http://www.taranfx.com/blog/spyphone-app-s...rom-all-iphones

http://seriot.ch/resources/talks_papers/iPhonePrivacy.pdf

---

The article is sensationalized but basically the guy is just trying to say any app can do this as it uses public APIs. If you're interested in trying it out, you can download the app from: http://github.com/nst/spyphone/. This proof of concept DOES NOT phone home, so any information retrieved will only be shown to you.

Edited by /- Razorfold
https://www.neowin.net/forum/topic/853524-spyphone-app-proof-of-concept/
