The Metasploit Framework will have iPhone support soon. If that doesn’t mean much to you, consider that some people who use Metasploit for security research may use what they find for malicious purposes.
iPhone Could Be Playground For Attacks
Though the blogosphere has chattered incessantly about Apple’s iPhone firmware update, and the unpleasant side effects of having their shiny toys turned into doorstops, there is other news iPhone owners should note in passing.
Security firm F-Secure cited researcher H.D. Moore, the hacker who has been responsible for projects like the Month of Browser Bugs, as being hard at work in building iPhone support into Metasploit:
These and other developments in the field will make iPhone security research very interesting. The fact that Apple is actively defending iPhone locking makes it a very tempting target for skilled hackers – both as worthy challenge and for bragging rights. This means that we’ll probably see more details about the iPhone’s internals in the future. It’s already safe to say that the iPhone is probably the most well-known and understood closed system there is.
Unfortunately the amount of technical information makes it likely that sooner or later someone will misuse that information to create worm or some other malware. This will create an interesting problem for the security field as the iPhone is currently a closed system and it’s not feasible to provide Anti-Virus or other third party security solutions for it.
So if someone were able to create a rapidly spreading worm on the iPhone, protecting users against it would be problematic.
F-Secure also reasonably noted that previous iterations of mobile device viruses have proven slow to spread. If someone does find a way to get one swirling through iPhones, Apple would likely have time to push out a correction.
Plenty of work aimed at learning more about the iPhone has unveiled ways to unlock it, ways that Apple recently thwarted with a firmware update. As noted, Moore has completed some iPhone research already; Apple may get tested sooner rather than later.