The recent success of a group of hackers in compromising the security of Apple's iPhone may have opened the way for malware and rootkits. At the ToorCon Hacking Conference, Eric Monti, a Senior Researcher at Trustwave's Spider Labs, demonstrated how the same kind of vulnerabilities and exploits that allowed a team of hackers to "jailbreak" iPhones and iPads from Apple's content restrictions could be used to push rootkit-style malware onto those devices.
Such malware can be used to intercept credit card data from an iPhone-based transaction. Monti created a proof-of-concept iPhone rootkit, dubbed "Fat," by modifying the original jailbreakme code to create a stripped-down remote monitoring application.
In an interview with Threatpost, he said that he removed system prompts created by the jailbreakme app and added a rootkit feature to remotely control such key iPhone features as the microphone, camera and geolocation services, as well as SMS.
While the program is harmless and the vulnerabilities in question were patched by Apple in early August, Monti thinks that the iPhone is a soft target. "There are lots of different applications for causing mayhem," Monti said. "We're talking about some pretty sensitive apps: banking, credit card processing, point of sale, SCADA," he said.