An anonymous reader writes: I bought an iPhone last week, and have been playing with hacking it. The iPhone comes locked from Apple, both to the cell provider (AT&T) and with no possibility of installing third-party applications. There are several programs which, run from a box with an iPhone connected to it, can remove the application lock and install an installer on the phone. This requires almost no user intervention other than plugging in the phone and clicking on "OK"; no authentication of any type is required. The installer shows up in the phone's home screen automatically, and can then be used to install more third-party applications.
What's to stop someone from (for example) wrapping the installation tool in a fake iTunes update and sending out phishing e-mails linking to it, or making it part of a virus that modifies iTunes itself? The "update" would then install malware or a malware downloader on the phone itself. All processes on the phone run as root and have access to almost all components of the phone. Extant third-party apps include dialers, a voice recorder, and various chat and Internet tools. So I could see something that bugs a room and sends the audio over the 'net, something that sends copies of appointments and e-mails out to interested parties, or even a dialer repeatedly dials the number of a gay bordello in Washington, DC if the phone's number happens to belong to an Important Person.
My point is not to bash the iPhone. It's a fine device with a user interface nothing short of remarkable. But it would have been even better had Apple provided a *legitimate* installation mechanism for third-party applications, and a means of running them with reduced privileges. Nor do I have a problem with the people who created the iPhone hacks — they're just extending the phone's functionality to what it should have been out of the box. The lesson? Security through obscurity is never the answer, especially if it's easy to bypass!
