iPhone 3G causes security concerns

Reports have emerged that a Brazilian company has unlocked Apple’s much-hyped iPhone 3G ending the requirement to connect the device to exclusive carriers.

And, the iPhone Dev Team has claimed it is close to a full software jailbreak, a technique that bypasses digital rights management (DRM) on the device.

Less than a week after the iPhone’s release, the news may excite users in Brazil, China and Malaysia who were left off Apple’s supply list but instead continues to concern security experts.

According to Chia Wing Fei, security response team manager at security vendor F-Secure, those who use the jailbreak are at risk.

“Once you jailbreak your phone you have root privileges. So you can basically do anything with your phone such as installing applications or removing files.

“The SSH tunnel is open, and if using a public Wi-Fi network someone on that network can connect to your iPhone through the SSH tunnel and copy your files including your passwords," said Fei.

Prior to the release of the iPhone 3G, all iPhones sold in Asia were unlocked and un-patched. Fei said he doesn’t see why it wouldn’t happen with the new iPhone 3G, having limited operators in limited countries.

Adding to the woes, once users have the jailbreaking hack they rarely update the firmware.

“[User’s] don’t update the latest firmware because they’re afraid once they do, their iPhone becomes a very expensive paperweight or forced to restore everything.

Furthermore, updates for the iPhone are delivered through iTunes, they are not delivered over the air, like Windows, which is worrying.