Encryption expert Phillip Dunkelberger, a former Apple employee and president of security firm PGP, believes that the iPhone is almost impossible to protect.
Methinks he has a point. Consider:
* Jon Lech Johansen (you may know him as DVD Jon) reported on his So Sue Me blog that he found a way to activate the iPhone for WiFi and iPod functionality, but not for phone.
* The iPhone Dev Wiki has released a tool that "generate[s] a valid activation token based on the SIM card (and iPhone) information...[and] allow[s] for activation with virtually any AT&T/Cingular SIM that the iPhone is hardware-compatible with."
* SPI Labs warned iPhone users not to use the web dialer feature. "Attackers could exploit a bug in this feature to trick a victim into making phone calls to expensive '900' numbers or even keep track of phone calls made by the victim over the Web... [it could] be stopped from dialing out, or set to dial out endlessly."
For a malicious party, the full-fledged Linux-style OS running on the iPhone definitely provides an intriguingly large attack surface.
Update 7/22: several commenters complained about describing the iPhone's OS X as a "Linux OS". While Linux and BSD apps will recompile and run on OS X, it's true that they are not directly related in the genealogy of Unices. I've changed the word Linux to Linux-style, above.