iPhone Jailbreak Weaponized to Include Rootkit

Posted by: Troy Vennon
on October 25, 2010

In a presentation to the crowd at the ToorCon Hacking Conference in San Diego, a Senior Researcher at Trustwave’s SpiderLabs demonstrated that the vulnerability in Apple’s iPhone that has allowed the devices to be jailbroken could also be used to push malware onto the devices and intercept credit card data. Saturday’s demonstration illustrated how the original jailbreakme code could be modified to inject a stripped-down remote monitoring application onto the iPhone.

The proof-of-concept code was named “Fat”. According to Eric Monti in an interview with Threatpost, “Fat” was an effort to learn from the work of the team that created the jailbreakme application by “weaponizing” the code. The results of Monti’s work added a rootkit that would remotely control the microphone, SMS, GPS and the camera on the iPhone.

Monti was able to use the rootkit to silently monitor credit card transactions made through an iPhone application, “Square”, on an infected device. Though the proof-of-concept code that was demonstrated is harmless and the vulnerabilities that were exploited have been patched by Apple since early August, the point of the demonstration is that the iPhone is no less of a security concern than any other smartphone platform in use.

Apple’s reputation for having a secure device rests on its review process for applications before they are admitted into the App Store. The presentation of “Fat” demonstrates that Apple’s iPhone is just as vulnerable to attack as any other platform out there. In this particular case, all an attacker would need to do is redirect a browser session to a malicious website that operates in the same manner, with modified code, as the jailbreakme sites that are jailbreaking iPhones today.

As the iPhone begins to outsell BlackBerrys in world markets, we’ll start to see more research of this nature. Apple will continue to play whack-a-jailbreaker in its effort to keep a tight grip on whether users can install third-party apps on their own devices. In doing so, though, it may be lulling its customers to sleep with a false sense of security. The question remains: is Apple’s model of control over the App Store a better model than Android’s model of allowing the community to police the content of its Market?

It’s unmistakable that Android has seen its fair share of malware over the last 12 months. This can be directly attributed to the fact that there is no review process for apps in the Market. But at least users are becoming educated about what they need to do when they install applications. Can the same be said about the iPhone? Is the security knowledge level of iPhone users as high as it is among the Android user base, which is learning these lessons first-hand?