The danger of the Kill Switch

There has been a lot of talk around the “kill switch” that Apple seems to have implemented in the iPhone.

While people say the app review before stuff gets released in the AppStore should prevent them from having to use it, I can understand why that will not work. The review can only be on the surface, malicious stuff may be well hidden in an app.

There are already two ways to disable the kill switch (one more reason to jailbreak your iPhone): the new version of BossPrefs and a quick /etc/hosts hack.

The bigger danger, however, is someone mis-using the kill-switch. The URL seems to be https://, so re-directing to a different server should not be possible (provided the iPhone really does check the site certificate). If BossPrefs can disable the switch, this of course also means that a malicious app could just point the call to a different server and either just spy on you or disable your apps at will.

I wouldn’t be surprised to see this “feature” prominently discussed on one of the next security conferences.