Are iPhone security risks different than those of other mobile devices?

Are iPhone security risks different than those of other mobile devices?

Now that the iPhone is available, should enterprises be worried about iPhones more than any other mobile devices? I've heard that the devices offer little in terms of security, but are the security risks all that different?

    Requires Free Membership to View

    Login

    SearchSecurity.co.UK members gain immediate and unlimited access to breaking UK industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.co.UK today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.co.uk you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.co.uk is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Your timing is quite amazing. It just so happens that I purchased an iPhone last night and set it up early this morning. It's a dazzling device, but you are right to bring up security concerns. Only a few short weeks after its release, researchers had already discovered vulnerabilities associated with the iPhone's browser and mail client. I agree with you that the security risks of an iPhone are comparable to other wireless devices, but the iPhone does bring some special issues that are a cause for concern:

  1. The iPhone is a product with gobs of new software on it. Surely, bugs will be scrubbed out over time, and many of these bugs will have security implications. Some iPhone supporters might point out that the iPhone is based on Mac OS X, and therefore isn't as worrisome as totally untried software would be. But a lot of the capabilities on the iPhone are being introduced for the first time, and the glue that links all of these applications together -- including the contact list, calendar, email and phone features -- is new. Security vulnerabilities are often found in a product's underpinnings, and if similar weaknesses are found in the iPhone, an attacker may be able to steal contacts or break phone connectivity.
  2. The iPhone is sexy. Researchers are already trying to make a name for themselves by finding flaws in the product and announcing them publicly. Expect to see a lot more of that in the near future, as the security community "breaks in" this newcomer.
  3. The iPhone is feature-rich. This gadget has more applications and functions than most other widespread cell phone technologies. Thus, there is more of a chance for interference with a user's life.
  4. As of this writing, the iPhone doesn't integrate with many enterprise email systems, although Apple has hinted that the incompatibility issues will be addressed very soon. Integration, however, might make users bend over backwards to exfiltrate their own email so that they can read their messages on the new device. The transfer could possibly short-circuit carefully secured enterprise email infrastructures.

Only time will tell, but I wholeheartedly think there will be a good number of iPhone security issues in the next six months or so. It's going to be a heck of a ride. But the product is so nifty that I did sign up for my seat on the roller coaster.

More information:

  • Shellcode has been published for Apple's iPhone. Learn how the device can be used as a pocket-sized attack platform.
  • An expert warns that the Apple iPhone will provoke complex mobile attacks.

    • This was first published in September 2007

    Back to top