Marius van Oers McAfee
downloads slides (PDF)
Apple's iPhone programming was initially locked down, and even though there were ways/cracks around that, it didn't officially allow external 'native' application programming, allowing mainly external Web 2.0-based applications.
Early in 2008 Apple introduced an SDK (Software Development Kit) for the iPhone. There were at least seven beta versions of the SDK which could be freely downloaded. On the Apple iPhone many functions are neatly integrated - which is very useful, but it could in theory also be abused by malware. The address book not only keeps records of a contact's name and address information, its framework can be called by SMS and mail and also by custom third-party applications. It is possible to create a new contact or change existing contact information, for example changing a contact's telephone number to a costly 'adult' number, which can be annoying. Even worse, a combination of a mass-mailer and auto-dialler might not be impossible. As well as an annoyance this could result in huge financial burdens on consumers.
This presentation takes a look at what Apple iPhone programming with an SDK can do and what possible new malware attack vectors could arise from it.