iPhone Frenzy Will Tempt Hackers To Break Apple's Security
Security researchers at IBM admire the iPhone's apparent security but note it will suffer from its fair share of attacks.
With so many people anxiously holding their breath while simultaneously counting their pennies till Apple's iPhone ships next week, some researchers -- and probably many IT managers -- are wondering how secure this latest smart phone is going to be.
Well, according to IBM's security division, Internet Security Systems, the iPhone will have one thing going for it, at the same time it has one thing going against it, making for what should be an interesting product to track. The plus side is that it should take a pretty sophisticated hacker to break into the phone's system, but the negative is that all the frenzy that has been building up around the iPhone's release means many hackers will be inspired to try.
"We've been following it since it was announced," said Neel Mehta, the team lead of advance research group at ISS, in an exclusive interview with InformationWeek. "It's going to be challenging for the bad guys to exploit them like they do other [smart phones] but there will be a lot of individuals willing to try because of the amount of buzz around it... We've seen some very determined attacks on other mobile phone platforms, like the Symbian platform. A lot of these attacks are going to be very hard to launch against the iPhone."
A spokesperson with Apple declined to comment on the iPhone's security features.
Since Apple has been holding any prototypes of the iPhone extremely close to the vest, IBM's security researchers analyzed whatever information they could glean about the new phone that is a three-way combination of wide-screen iPod, cell phone, and Internet communications device. Mehta said they know the phone will run on Apple's OS X operating system, will use its Safari browser, and won't come with a software developer's kit. Researchers also evaluated how Apple deals with security updates and patches for its other products, like the Mac and the popular iPod.
Until Mehta and his researchers can get their hands on an actual iPhone, they're going on what they do know about the machine.
And one major thing they've been focusing on is that the iPhone won't have a software developer's kit. While that makes it harder for third-party vendors to make software for the phone, it's also going to make it a lot harder for hackers and malware writers to take advantage of it.
"They're not telling anyone how to write applications that run on the iPhone," said Mehta. "It's going to be much harder to write worms or viruses for that platform. Most malware written today for mobile platforms has been developed using software developer kits from the manufacturers. The lack of that on the iPhone will make it harder for people to develop malware for it."
He said another positive is that Apple historically has made it pretty easy to update their products. "That's relatively good news for the iPhone," he added. "We suspect the ability to update the phone will be relatively painless and robust. That's been a major problem with other smart phones. Many people will buy a smart phone and never update the firmware on it... Computers that run OS X have automated update mechanisms and looked at how easy it is to update firmware on iPods. It's very painless. It's just one click within the iTunes software."
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.