Mobile
Commentary
11/30/2010
00:40 AM
Ed Hansberry
Ed Hansberry
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Security Risks In iOS And Android

Both Apple and Google are faced with security issues in their platforms that may put user's data at risk. The more computer-like smartphones become, the more they become at risk for having security holes and being the target of attackers to exploit those holes.

Both Apple and Google are faced with security issues in their platforms that may put user's data at risk. The more computer-like smartphones become, the more they become at risk for having security holes and being the target of attackers to exploit those holes.The security issue on iOS is with the Safari browser. An identity thief can hide the URL on the browser making it difficult for someone using an iPhone to accurately determine what site they are at. This phishing attack is worse than what is usually found on a PC. On a PC, you can generally avoid phishing by always paying attention to the URL in the browser's address bar. With the smaller screen of an iPhone, it is easier to hide the URL.

The proof-of-concept code is at Sans.org. So far there are no known public exploits and Apple has been notified of the issue, though there is no word when or if a fix will be available.

Google is also working on a patch for its Android operating system. This security hole allows a web site to get just about any data directly off of the devices SD card according to this InformationWeek article. The code can also retrieve some data from the device itself.

These and other risks are just part of the normal course of business on computing devices today. If Apple fixes its issue, it will be able to pass that to users very quickly through iTunes and remove the threat. Google though may have a harder time getting its fix into users hands. It doesn't own the update channel to the consumer. The hardware manufacturer or carrier does and they have often been slower to push updates to the consumer than Google has been at releasing updates in the first place.

This will be an interesting test to see if a security update spurs Google's partners to issue patches faster than they have issued other updates. Of course, Google has to write the patch for a number of older operating systems. They are only working on the patch for the Gingerbread release, but there are a lot of devices out there with this issue that don't run the latest. Now fragmentation isn't a nuisance, it is a potential threat to the safety of your data.

Comment  | 
Print  | 
More Insights
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 17, 2014
It doesn't matter whether your e-commerce D-Day is Black Friday, tax day, or some random Thursday when a post goes viral. Your websites need to be ready.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.