Researcher blasts iPhone security protections

A security researcher presenting at the Black Hat security conference in Washington DC has suggested that major flaws exist in the Apple iPhone.

Researcher Nicolas Seriot said that Apple was leaving major holes in the smartphone for its software which could possibly allow attackers and malware developers to craft applications which steal user data such as recent calls and locations.

"Overall security improves with each new iPhone version, but some basic security principles are still not correctly implemented, in particular the least privilege principle, the deny by default principle and also a recognition that it is dangerous for Apple to deny the existence of vulnerabilities," Seriot wrote in a whitepaper on the subject. [PDF]

To remedy the situation, Seriot suggested that along with acknowledging flaws Apple implement better protection of the iPhone's cache files and develop an outbound firewall to block transmission of potentially stolen data.

For users, Seriot suggested keeping a close eye on what they install on their iPhones, even third party software which comes from Apple's own App Store service.

"Consumers should be aware that iPhone security is far from perfect and that a piece of software downloaded from the App Store may still be harmful," he wrote.

"As a basic precaution, users should regularly clean the browser’s recent searches and the keyboard cache in Settings."