With 10’s of millions of iPhone, rife with personal data and always connected to the Internet, it will be (is) an irresistible target for malware, spyware, identity thieves and more (you get the idea):

Apple iPhone owners in Australia have reported that their smartphones have been infected by a worm that has changed their wallpaper to an image of 1980s pop crooner Rick Astley.

via First iPhone worm discovered – ikee changes wallpaper to Rick Astley photo | Graham Cluley’s blog.

As more and more consumers use smart phones and the thousands of apps in the various market places, I am very concerned about an increase in identity theft, spyware, malware, etc.  I understand Apple’s code review process is rigorous but as with any highly competitive market, everything happens fast.  Will Apple, Google and others do enough to protect their users or will speed to market win (and consumers lose)?

A maker of some of the most popular games for the iPhone has been surreptitiously collecting users’ cell numbers without their permission, according to a federal lawsuit filed Wednesday.

The complaint claims best-selling games made by Storm8 contained secret code that bypassed safeguards built into the iPhone to prevent the unauthorized snooping of user information. The Redwood City, California, company, which claims its games have been downloaded more than 20 million times, has no need to collect the numbers.

via Backdoor in top iPhone games stole user data, suit claims • The Register.

Details of the SMS exploit for the iPhone will be released today at the Black Hat conference.  Apparently, Apple was notified 1 month ago but no word yet.  Android was also vulnerable but had been patched but apparently Windows Mobile is still vulnerable.

There will be a paradigm shift in the near future as people realize their mobile devices are full blown computers with enormous personal information about you and your company available.  It’s also perpetually network…that’s the point.  Phone, SMS, Internet, WiFi…it’s online and powerful.  When you combine all the personal data with literally billions of devices on the market, it’s a target that will be diligently exploited at every corner.  Details below:

If you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character, Charlie Miller would suggest you turn the device off. Quickly.

via Your iPhone: Soon to be iPwned? | TechBlog | Chron.com – Houston Chronicle.

It looks like Apple is going to start approving 3rd party web browsers in the App Store. Today when performing a forensic acquisition of an iPhone, you basically only have worry about one browser. So, this development is probably good for the users but will begin to add more complexity to the forensic analysis of an iPhone.

The other day, a friend new to Mac told me they did not need anti-virus on the Mac since there are no viruses. Well, not exactly true. Anyway, for those that try to get a pirated copy of iWorks ‘09 instead of just paying the $79 to upgrade, they may get something extra.

(Note: while a trojan is not virus, it’s tends to fall into the same category for many people and good detection software will identify most).

Apple released the latest version of iPhone firmware yesterday. 2.2.1 does not appear to contain major updates but seems to cause problems with previously jailbroken phones. ZDNet Blog has a nice entry describing the update, lamenting the lack of progress in key areas (i.e. cut and paste) and makes a good point that if the update is meant to thwart the unlocking community, it is energy wasted as Apple will likely never win that “cat and mouse” game. Updates noted thus far are:

• Modem Firmware 02.30.03
• iPhone SDK 2.2.1
• Reports that Safari is “faster”
• Reports that it fails, “went into recovery mode right after update” and “had to restore”
• Rumored that 2.2.1 was released to support photo syncing from iPhoto ‘09
• Safari Now caches the last page in memory

More info to come, I’m sure and I will update as needed.