iOS Security Reports Say No iPhone Is Safe - InformationWeek

03:36 PM
Joe Stanganelli

Recent research demonstrates that CIOs and other IT leaders need to pay more attention to iOS security.


Vulnerabilities in Apple iOS are cause for concern for CIOs and other IT leaders, as a range of recent research demonstrates weaknesses in the operating system and some of the apps that run on it.

Network security firm GFI Software issued a report that ranked operating systems by number and severity of vulnerabilities reported in 2014.

The report is based on GFI's analysis of the National Vulnerability Database, which is maintained by the National Institute of Standards and Technology.

According to the GFI report, Apple took the top vulnerability spots, with its Mac OS X at No. 1 with 147 vulnerabilities, followed by Apple iOS with 127 vulnerabilities. The Linux kernel was a close third, followed very distantly by Ubuntu and Windows. Android, meanwhile, had only six reported vulnerabilities for 2014 (although GFI took care to note that this number did not include certain Linux vulnerabilities that also apply to Android).

This report would seem to fly in the face of conventional wisdom that suggests Apple platforms are inherently more secure than their counterparts. Part of this might have to do with the fact that, in the past couple of decades, Apple has gone from tech underdog to tech champion -- tightening its grip on the mobile market. In fourth quarter 2014 (Apple's best ever), iOS dominated enterprise-scale smartphone activations, accounting for 73% of that market. Android accounted for 25% of all enterprise smartphone activations in the same time period.

(Image: Hurk via Pixabay)


Enterprise smartphone activations are tracked by Good Technology in its quarterly Mobility Index Report.

Based on analysis of monthly smartphone activations by its customers in Q4, Good Technology determined that iOS makes up 81% of devices in the financial services industry, 82% of devices in the public sector, and 95% of devices in the legal sector. (It's worth noting that the Good Technology report does not measure BlackBerry enterprise activations).


Little wonder, then, that iOS has become a very attractive target for hackers and malware-makers. According to a February 27 CNBC report citing research by security firm FireEye, hackers have figured out ways to bypass the stringent security measures of Apple's App Store by pushing their malware through email or SMS messages. The fallout is that hackers are now able to attack non-jailbroken iPhones and iPads just as well as they can hit jailbroken ones.

Even vetted iOS apps can present data security and privacy issues. According to the February McAfee Labs Threat Report, app developers and their advertising partners can be highly abusive, particularly when it comes to mobile games -- tracking various network details and other information on their users.

The dangers of mobile apps have long been a topic of concern. In 2010, Robert G. Ferrell, then an information security specialist for the US Department of Defense, told CNET in an interview:

"If you haphazardly visit every link and download every file sent to you in e-mail or posted to your social-networking pages, sooner or later you're going to get nailed. Period. Platforms are passé [for hackers]. Apps are where it's at."

And when the App Store doesn't nail a target, social engineering might. Consider the curious case of Mat Honan, a tech reporter for Wired who in 2012 became locked out of his entire digital life -- online accounts, personal devices, and all. An impostor convinced AppleCare customer support that he was Honan and they granted him access to Honan's AppleID, despite being unable to answer any of Honan's security questions.

While Apple promptly announced "patching" the flaw in its processes that made the Honan hack possible, the company has continued to remain susceptible to social engineering. The following year, Apple performed the worst -- by far -- among 10 targeted companies at DEF CON's annual Social Engineer Capture the Flag Contest (SECTF). As part of SECTF, contestants inexperienced at social engineering were able to capture oodles of sensitive data ("flags") from Apple via basic research and social trickery -- scoring more than 33% more points on Apple than the next most susceptible company.

To be fair, iOS and other Apple attacks are still not nearly as common as those among Apple's competitors (FireEye reported that approximately 96% of mobile malware still focuses on Android devices, for instance). That fact does nothing, however, to deaden the growing concern among experts about threats to mobile security. As hackers devote more attention to Apple's mobile vulnerabilities, so too should security researchers, IT departments, and CIOs.


Joe Stanganelli is founder and principal of Beacon Hill Law, a Boston-based general practice law firm. His expertise on legal topics has been sought for several major publications, including US News and World Report and Personal Real Estate Investor Magazine. Joe is also ...
User Rank: Ninja
4/4/2015 | 5:39:17 PM
Re: Apple: We are about Products. Not Security.
"..If you're online, you're at risk. What decisions will each of us make to help mitigate that risk on a daily basis? That's the real question."


@jagibbons Excellent points. Very true no one is safe. And it is the responsibility of the individual to be proactive in their use of safeguards and sensibility. We are talking about the less technically inclined which numbers far more than we would like to admit.

True. Not everyone is truly invested in the tech experience. Many people see it as just something that just is much like a car or the phone. So I have to ask the question of are vendors (Apple in particular) doing enough for these types of users?

On its face, Apple is doing a decent job, but as you mention it is about pro-active management and awareness of threat. For many years Apple either has(in) overtly claimed to be a "safer" computing experience - and since we and (Apple) know this is not necessarily the case - How long do they continue to benefit from the misconception?

This misconception whether purposely or not has resulted in millions of additional units sold but I guess my real question is when will they (Apple) come clean to the laymen and when they actually educate this segment?

Sounds to me like a series of commercials from Apple might raise awareness. I doubt we will be seeing such a commercial anytime soon though.
User Rank: Ninja
4/3/2015 | 12:40:43 PM
Re: Apple: We are about Products. Not Security.
This is not a binary situation, not a choice of a "secure" product or an "insecure" product. The fact is that every device on the internet can be attacked. The individuals out there trying to perpetrate fraud and theft outnumber those who are chasing them down. All it takes is one vulnerability to gain access. The good guys have to protect 100% of vulnerabilities. It's a losing battle.

Now that we can all agree that nothing is completely safe, let's make sure consumers are properly informed that they aren't safe online just because they buy an Apple device (still a common misconception that I see among those less tech inclined).

If you're online, you're at risk. What decisions will each of us make to help mitigate that risk on a daily basis? That's the real question.
User Rank: Ninja
4/2/2015 | 11:15:47 PM
Apple: We are about Products. Not Security.

Did people really think Apple's products were more secure? Of course they did and thanks for debunking the myth. I must admit I was surprised by the number of vulnerabilities in OS X. I am a little more understanding of iOS, which leads me to believe Apple has lost some focus since Jobs passed.

Instead of working on the "hard stuff" like vulnerabilities and the fact that OS X still doesn't work well in a network environment - we have instead approx. four different models of watches on the way.

I thought Mr. Cook might be a granular type of CEO, but I was wrong. It is simply about how many products they can sell - Vulnerabilities? What vulnerabilities.


Apple seems to have taken a page from Microsoft's book.
