Last-minute presentation: Apple iPhone programming with SDK

Marius van Oers McAfee

   downloads slides (PDF)

Apple's iPhone programming was initially locked down, and even though there were ways/cracks around that, it didn't officially allow external 'native' application programming, allowing mainly external Web 2.0-based applications.

Early in 2008 Apple introduced an SDK (Software Development Kit) for the iPhone. There were at least seven beta versions of the SDK which could be freely downloaded. On the Apple iPhone many functions are neatly integrated - which is very useful, but it could in theory also be abused by malware. The address book not only keeps records of a contact's name and address information, its framework can be called by SMS and mail and also by custom third-party applications. It is possible to create a new contact or change existing contact information, for example changing a contact's telephone number to a costly 'adult' number, which can be annoying. Even worse, a combination of a mass-mailer and auto-dialler might not be impossible. As well as an annoyance this could result in huge financial burdens on consumers.

This presentation takes a look at what Apple iPhone programming with an SDK can do and what possible new malware attack vectors could arise from it.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.