iOS Security Reports Say No iPhone Is Safe - InformationWeek

4/2/2015
03:36 PM
Joe Stanganelli

iOS Security Reports Say No iPhone Is Safe

Recent research demonstrates that CIOs and other IT leaders need to pay more attention to iOS security.

Vulnerabilities in Apple iOS are cause for concern for CIOs and other IT leaders, as a range of recent research demonstrates weaknesses in the operating system and some of the apps that run on it.

Network security firm GFI Software issued a report that ranked operating systems by number and severity of vulnerabilities reported in 2014.

The report is based on GFI's analysis of the National Vulnerability Database, which is maintained by the National Institute of Standards and Technology.

According to the GFI report, Apple took the top vulnerability spots, with its Mac OS X at No. 1 with 147 vulnerabilities, followed by Apple iOS with 127 vulnerabilities. The Linux kernel was a close third, followed very distantly by Ubuntu and Windows. Android, meanwhile, had only six reported vulnerabilities for 2014 (although GFI took care to note that this number did not include certain Linux vulnerabilities that also apply to Android).

This report would seem to fly in the face of conventional wisdom that suggests Apple platforms are inherently more secure than their counterparts. Part of this might have to do with the fact that, in the past couple of decades, Apple has gone from tech underdog to tech champion -- tightening its grip on the mobile market. In the fourth quarter of 2014 (Apple's best ever), iOS dominated enterprise-scale smartphone activations, accounting for 73% of that market. Android accounted for 25% of all enterprise smartphone activations in the same time period.

(Image: Hurk via Pixabay)

Enterprise smartphone activations are tracked by Good Technology in its quarterly Mobility Index Report.

Based on analysis of monthly smartphone activations by its customers in Q4, Good Technology determined that iOS makes up 81% of devices in the financial services industry, 82% of devices in the public sector, and 95% of devices in the legal sector. (It's worth noting that the Good Technology report does not measure BlackBerry enterprise activations.)

Little wonder, then, that iOS has become a very attractive target for hackers and malware-makers. According to a February 27 CNBC report citing research by security firm FireEye, hackers have figured out ways to bypass the stringent security measures of Apple's App Store by pushing their malware through email or SMS messages. The fallout is that hackers are now able to attack non-jailbroken iPhones and iPads just as well as they can hit jailbroken ones.

Even vetted iOS apps can present data security and privacy issues. According to the February McAfee Labs Threat Report, app developers and their advertising partners can be highly abusive, particularly when it comes to mobile games -- tracking various network details and other information on their users.

The dangers of mobile apps have long been a topic of concern. In 2010, Robert G. Ferrell, then an information security specialist for the US Department of Defense, told CNET in an interview:

"If you haphazardly visit every link and download every file sent to you in e-mail or posted to your social-networking pages, sooner or later you're going to get nailed. Period. Platforms are passé [for hackers]. Apps are where it's at."

And when the App Store doesn't nail a target, social engineering might. Consider the curious case of Mat Honan, a tech reporter for Wired who in 2012 became locked out of his entire digital life -- online accounts, personal devices, and all. An impostor convinced AppleCare customer support that he was Honan, and they granted him access to Honan's Apple ID, despite his being unable to answer any of Honan's security questions.

While Apple promptly announced "patching" the flaw in its processes that made the Honan hack possible, the company has remained susceptible to social engineering. The following year, Apple performed the worst -- by far -- among 10 targeted companies at DEF CON's annual Social Engineer Capture the Flag Contest (SECTF). As part of SECTF, contestants inexperienced at social engineering were able to capture oodles of sensitive data ("flags") from Apple via basic research and social trickery -- scoring more than 33% more points on Apple than the next most susceptible company.

To be fair, iOS and other Apple attacks are still not nearly as common as those among Apple's competitors (FireEye reported that approximately 96% of mobile malware still focuses on Android devices, for instance). That fact does nothing, however, to deaden the growing concern among experts about threats to mobile security. As hackers devote more attention to Apple's mobile vulnerabilities, so too should security researchers, IT departments, and CIOs.

Joe Stanganelli is founder and principal of Beacon Hill Law, a Boston-based general practice law firm. His expertise on legal topics has been sought for several major publications, including US News and World Report and Personal Real Estate Investor Magazine. Joe is also ...