| Main |

iPhone security potentially “an interesting problem”

MacWorld UK are running a quote from F-Secure’s Jarno Neimela, who says:

“The amount of technical information [available about the iPhone] makes it likely that sooner or later someone will create a worm or some other malware… This will create an interesting problem for the security field as the iPhone is currently a closed system and it’s not feasible to provide anti-virus or other third-party security solutions for it.”

Excuse me for pointing this out, but there is absolutely nothing to stop Apple from dealing with such a problem themselves, if they so desire, including—if necessary—providing their own anti-virus technology. There is simply no need for “third-party security solutions”.

My guess is that in such a circumstance Apple would simply push out updates via iTunes that removed the virus from phones and patched the vulnerability that it used to install itself. Even if an update has to wipe the phone completely to get rid of a virus, since users’ data is stored on their Macs or PCs, it only has to synchronise to return things to the way they were before.1

Moreover, the same reasoning (about the amount of technical information) could be used about the Mac. Where are the hordes of Mac viruses? Oh, that’s right, there aren’t any.

Sure, some jerk will probably write one sooner or later, but the status quo is that there are none2. Zip. Zilch. Nada. And there’s much more technical information available about the Mac than there is about the iPhone.

1 I should say that I don’t have an iPhone at present—I’m in the U.K., and unlike Stephen Fry I don’t have U.S. citizenship or a U.S. billing address, so I will have to wait until at least November 4th. Most likely I’ll wait a few generations of iPhones before I buy one anyway. Anyway, the point is that it’s possible that there are things that wouldn’t be saved, but even so it isn’t like wiping a computer and re-installing.

2 Sure, I know some anti-virus vendors have breathlessly proclaimed that they have found “the first Mac OS X virus”. But I’m talking a real, in-the-wild virus with some sort of actual payload (i.e. not Leap.A, Inqtana.A or OSX.Macarena). And yes, I know that some Office viruses can run on Mac Office (though many of them fail because Mac OS X is not Windows).

Posted by alastair on October 1, 2007 at 3:14 PM Digg It | | Comments (4) | TrackBacks (0)

Trackbacks

TrackBack URL for this entry:
http://alastairs-place.net/movabletype/mt-tb.cgi/158.

Comments

Given the enormous, concerted, cooperative effort to get legitimate apps on iPhone--all of it dashed in a single update--I find it ludicrous to suggest that someone will find a way to install an illegitimate app. If a bunch of talented, motivated good guys can't do it, then it's hardly likely that the bad guys will succeed.

And pray tell, what kind of third-party solution is he thinking about? Anti-virus software that runs on the iPhone? Just how would the user install such an app, Mr Neimela?

Posted by Ross on October 1, 2007 4:49 PM

Well, it’s worth remembering that there are some very clever people out there. Thankfully, very few of them are involved with malware, and there’s probably more money to be made overall in the legitimate software market than there is in phone malware (special cases like celebrities aside).

Posted by alastair Author Profile Page on October 1, 2007 5:00 PM

It’ll be interesting to see how this plays out, in that I’d imagine a significant number of unlocked iPhone users won’t run the updates as they don’t wish to have their phone re–locked and/or wish to keep running 3rd party applications. So unless Apple starts issuing security-only patches, which is unlikely due to their revenue cut of the contract, then a non–trivial percentage of iPhones will end up running older, vulnerable software. This will be the attack vector for any virus/worm writers, I’d imagine.

Here’s the vulnerabilities fixed in v1.1.1:
http://docs.info.apple.com/article.html?artnum=306586

Posted by ManxStef on October 1, 2007 5:23 PM

@ManxStef: Yes, certainly. Though I think the number of people prepared to unlock their iPhones after these news stories will be rather smaller, probably not enough for malware authors to bother with the effort of hacking into a closed platform that is generally easy to update.

Posted by alastair Author Profile Page on October 1, 2007 5:26 PM

Post a comment

If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thank-you for your patience.

(Your e-mail address will not be displayed or included in any pages served on this site; nor will you get any spam as a result.)

A live preview of your comment will be displayed below. It should refresh automatically when you stop typing, but if not then the “Preview” button above will update it.

Live Comment Preview