Security Risks In iOS And Android - InformationWeek
IoT
IoT
Mobile
Commentary
11/30/2010
12:40 AM
Ed Hansberry
Ed Hansberry
Commentary
50%
50%
RELATED EVENTS
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

Security Risks In iOS And Android

Both Apple and Google are faced with security issues in their platforms that may put user's data at risk. The more computer-like smartphones become, the more they become at risk for having security holes and being the target of attackers to exploit those holes.

Both Apple and Google are faced with security issues in their platforms that may put user's data at risk. The more computer-like smartphones become, the more they become at risk for having security holes and being the target of attackers to exploit those holes.The security issue on iOS is with the Safari browser. An identity thief can hide the URL on the browser making it difficult for someone using an iPhone to accurately determine what site they are at. This phishing attack is worse than what is usually found on a PC. On a PC, you can generally avoid phishing by always paying attention to the URL in the browser's address bar. With the smaller screen of an iPhone, it is easier to hide the URL.

The proof-of-concept code is at Sans.org. So far there are no known public exploits and Apple has been notified of the issue, though there is no word when or if a fix will be available.

Google is also working on a patch for its Android operating system. This security hole allows a web site to get just about any data directly off of the devices SD card according to this InformationWeek article. The code can also retrieve some data from the device itself.

These and other risks are just part of the normal course of business on computing devices today. If Apple fixes its issue, it will be able to pass that to users very quickly through iTunes and remove the threat. Google though may have a harder time getting its fix into users hands. It doesn't own the update channel to the consumer. The hardware manufacturer or carrier does and they have often been slower to push updates to the consumer than Google has been at releasing updates in the first place.

This will be an interesting test to see if a security update spurs Google's partners to issue patches faster than they have issued other updates. Of course, Google has to write the patch for a number of older operating systems. They are only working on the patch for the Gingerbread release, but there are a lot of devices out there with this issue that don't run the latest. Now fragmentation isn't a nuisance, it is a potential threat to the safety of your data.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll