Home > Ask the Information Security Experts > Questions & Answers > Are iPhone security risks different than those of other mobile devices?
Ask The Security UK Expert: Questions & Answers
EMAIL THIS

Are iPhone security risks different than those of other mobile devices?

Ed Skoudis EXPERT RESPONSE FROM: Ed Skoudis

Pose a Question
Other Security UK Categories
Meet all Security UK Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 10 July 2007
Now that the iPhone is available, should enterprises be worried about iPhones more than any other mobile devices? I've heard that the devices offer little in terms of security, but are the security risks all that different?

>
EXPERT RESPONSE
Your timing is quite amazing. It just so happens that I purchased an iPhone last night and set it up early this morning. It's a dazzling device, but you are right to bring up security concerns. Only a few short weeks after its release, researchers had already discovered vulnerabilities associated with the iPhone's browser and mail client. I agree with you that the security risks of an iPhone are comparable to other wireless devices, but the iPhone does bring some special issues that are a cause for concern:

  1. The iPhone is a product with gobs of new software on it. Surely, bugs will be scrubbed out over time, and many of these bugs will have security implications. Some iPhone supporters might point out that the iPhone is based on Mac OS X, and therefore isn't as worrisome as totally untried software would be. But a lot of the capabilities on the iPhone are being introduced for the first time, and the glue that links all of these applications together -- including the contact list, calendar, email and phone features -- is new. Security vulnerabilities are often found in a product's underpinnings, and if similar weaknesses are found in the iPhone, an attacker may be able to steal contacts or break phone connectivity.
  2. The iPhone is sexy. Researchers are already trying to make a name for themselves by finding flaws in the product and announcing them publicly. Expect to see a lot more of that in the near future, as the security community "breaks in" this newcomer.
  3. The iPhone is feature-rich. This gadget has more applications and functions than most other widespread cell phone technologies. Thus, there is more of a chance for interference with a user's life.
  4. As of this writing, the iPhone doesn't integrate with many enterprise email systems, although Apple has hinted that the incompatibility issues will be addressed very soon. Integration, however, might make users bend over backwards to exfiltrate their own email so that they can read their messages on the new device. The transfer could possibly short-circuit carefully secured enterprise email infrastructures.

Only time will tell, but I wholeheartedly think there will be a good number of iPhone security issues in the next six months or so. It's going to be a heck of a ride. But the product is so nifty that I did sign up for my seat on the roller coaster.

More information:

  • Shellcode has been published for Apple's iPhone. Learn how the device can be used as a pocket-sized attack platform.
  • An expert warns that the Apple iPhone will provoke complex mobile attacks.


    • Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED CONTENT
    Wireless Network Security
    Cracks in WPA? How to continue protecting Wi-Fi networks
    Distrust of employees drives email monitoring
    iPhone email and SSL encryption
    AirPatrol tackles microwave menace
    Data destruction takes shame out of lost laptops
    Mobile threats: an update
    How to achieve laptop data security
    Split-tunnel VPNs: Susceptible to Trojans?
    Lessons learned from TJX: Best practices for enterprise wireless encryption
    Secure remote access: Closing the Windows Mobile Smartphone loophole

    Threat Management
    Cybercrime reports: Security not broken, but breaking at the seams
    Data losses set to soar, KPMG predicts
    Screencast: How to gather host-level data with Network Miner
    Appliance provides network access protection on school campus
    Market Harborough Building Society finds way to monitor users' network traffic
    'Phlashing' attacks
    How to identify network attacks proactively
    Stopping spam brings additional security benefits for cable company
    Finjan offers free audits for crimeware sufferers
    UTMs creep into the enterprise market, despite some resistance

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    Centre for the Protection of National Infrastructure  (SearchSecurityUK.com)
    Serious Organized Crime Agency  (SearchSecurityUK.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    SEARCH 
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts