How all your iPhone apps can be hacked at once


Apps are the heart and soul for any iDevice, whether you own an iPhone, an iPad, or an iPod Touch. Almost everything has an app nowadays; Apple users could barely imagine our lives without apps.

But what would happen if hackers could use security flaws in certain apps to get into your device? Despite the increased, and (according to some) impenetrable security of the iOS, it could actually be good for hackers: many app developers do not put their own safeguards in place, depending on Apple exclusively for the security of their app.

“Security is now an afterthought for many app developers,” said Jonathan Zdziarski, senior forensic scientist at viaForensics, in a presentation at the Black Hat cybersecurity conference in Las Vegas on Thursday. “That means if you hack one, you can hack them all.”

How exactly would a hacker get in? First, the hacker would have to steal your iPhone. With the device being such a hot item, this probably is relatively easy to do if the victim doesn’t keep track of their belongings. Second, they would have to discover and exploit an iOS vulnerability before Apple does, which is the hardest part of the whole process, but not unheard of. Last year, Charlie Miller managed to get into Apple’s iTunes store, one of the most fiercely protected apps; Apple yanked his developer’s license right after the incident.

“This isn’t Chicken Little and the sky is falling,” Zdziarski told CNN Money. “But the message is if you don’t add your own security to your app, you’re highly susceptible.”

For example, the PayPal app, which should be one of the most (if not the most) secure apps because it handles financial information, has a bug that allows a hacker to place malicious code in a stolen iPhone and get all the log-in information that a user enters. It’s unlikely because the hacker would need about 20 minutes with the iPhone to do it before handing the phone back to the owner. But the point is it’s possible—and it shouldn’t be.