In Depth
Technology
Apple faces security threat with iPhone
Widespread adoption could make Mac operating system attractive to malware authors
Last Updated May 4, 2007
By Saleem Khan, CBC News
It ranks among the most anticipated consumer product launches in years. More than a million people in the United States alone have asked to be notified when it becomes available. And it could represent the biggest risk Apple Inc. has faced since it gambled the company's future on the iPod digital music player.
The iPhone — Apple's first cellphone — could leave the company facing problems it has never dealt with once the device is launched in the U.S., according to security, mobile communications and computer experts who spoke with CBC News Online.
The Cupertino, Calif.-based company may have to contend with attacks on its Mac OS X operating system software that it has previously escaped because relatively few computer users work on Apple machines, according to David Marcus of McAfee Inc.'s Avert Labs.
Because malware authors prefer to hit as many victims as possible with their creations, the roughly nine to 10 per cent of worldwide computer users who use Apple's Mac OS operating system have been largely unscathed by viruses, exploitation of vulnerabilities and other malicious attacks and malware that have plagued Microsoft Corp.'s rival Windows operating system over the years, Marcus said.
It's no coincidence that most malware and attacks target Windows, he said: "Ninety per cent of people using computers are on Windows."
Malware landscape could change with iPhone
But that could change once Apple's hotly anticipated iPhone — which will run on OS X — hits the market, he said.
"Apple will probably see more widespread deployment of OS X because of the iPhone," Marcus said, explaining that the upswing in the operating system's market penetration will likely make it a much more attractive target for malware writers. "Apple is going to see things they've never seen before," he said. "They could see malware they have never had to deal with."
The threat is just a function of having a popular software platform, Marcus said. "Malware writers like the idea of convergence."
Assessment 'ill-advised'
Apple declined several requests from CBC News Online to comment on the potential risks to the iPhone, its operating system and what the company is doing to safeguard both, but an executive at computer security firm Symantec Corp. — a McAfee rival — said he does not foresee security problems in the near future.
"The attention the malware community gives a device is directly correlated with the adoption in the marketplace," said Paul Miller managing director for mobile security at Symantec. "It's not a function of the operating system, it's a case of market penetration."
He noted that out of 2.7 billion cellphones in use around the world today, the majority use the Symbian operating system.
"There are fewer Windows Mobile viruses than Symbian viruses – two-thirds of the devices use Symbian," Miller said. That comes to about 891 million phones.
The iPhone is forecast to sell about 10 million units by 2008 – just one per cent of the global cellphone market of one billion units over the same period, according to telecommunications analyst Ronald Gruia of research firm Frost and Sullivan Inc.
That would place the overall market penetration of the iPhone at around one quarter of one per cent by the end of 2008 — a figure too small to warrant much, if any, attention from malware authors, according to Miller.
"I don't expect to see a huge explosion until the device reaches critical mass in the marketplace," he said, adding that speculation about the risks Apple might face with the introduction of the iPhone could be seen as irresponsible.
"It would be ill-advised for any group to make statements," he said.
But another expert on mobile devices and computers says that Marcus and Miller are both right.
Viruses could 'completely subvert' iPhone
"The Mac OS is really robust," which makes it a reliable operating system to use on a device, said Srinivasan Keshav, a professor of computer science at the University of Waterloo in Waterloo, Ont. In addition, Apple has said only software certified by them will be allowed to run on the iPhone, he noted.
"But inherently complex systems are more prone to failure," he said, and that means there are likely more ways for malware authors to attack the device than if it ran on a more simple operating system. "The more rich the environment, the more risks it faces … a cordless phone doesn't reboot."
Keshav, an expert in mobile systems and what he calls "tetherless computing," said the iPhone presents a range of challenges for users and security experts alike.
"In one sense, this is a laptop in your pocket so the same problems you have on your laptop are the same on this," he said, noting that the iPhone will be able to communicate through Wi-Fi and Bluetooth wireless connections, which have already faced attacks. "There is a risk that viruses could completely subvert it."
That potential was highlighted by the Month of Apple Bugs project, mounted by security researchers to expose weaknesses in the Mac OS that Apple fans and officials often describe as more secure than rival systems. The project exposed dozens of vulnerabilities, some of which Apple has yet to repair.
But the iPhone and Mac OS are only two aspects of a broader risk posed to mobile devices, the experts said.
Apple's iPhone points to future
"The iPhone is only the beginning. It's setting the bar of what everyone else is going to do," Keshav said, explaining that assessment applies to both the benefits risks the device and its operating system face. But the broader target the iPhone might make of OS X is not a problem that will be unique to Apple. Mobile malware in general is expected to rise, especially as multi-function cellphones and electronic payment via the handset takes root in the Americas, Marcus agreed.
"Bad guys go after money," he said. Once digital payment becomes widespread here, the kinds of attacks currently done on desktop computers — phishing attempts, virus and Trojan attacks and more — will simply migrate to the newer platforms, Marcus said.
Menu
Technology
- Green machines
- Disk drive: Companies struggle with surge in demand for storage
- Open season: Will court decision spur Linux adoption?
- Analogue TV
- Video games: Holiday season
- Video games: Going pro
- Guitar Hero
- Parents' guide to cheap software
- Working online
- Laptop computers for students
- Technology offers charities new ways to attract donations
- The invisible middleman of the game industry
- Data mining
- Two against one
- The days of the single-core desktop chip are numbered
- Home offices
- Cyber crime: Identity crisis in cyberspace
- Yellow Pages - paper or web?
- Robotics features
- iPhone FAQ
- Business follows youth to new online world
- A question of authority
- Our increasing reliance on Wikipedia changes the pursuit of knowledge
- Photo printers
- Rare earths
- Widgets and gadgets
- Surround Sound
- Microsoft's Shadowrun game
- Dell's move to embrace retail
- The Facebook generation: Changing the meaning of privacy
- Digital cameras
- Are cellphones and the internet rewiring our brains?
- Intel's new chips
- Apple faces security threat with iPhone
- Industrial revolution
- Web developers set to stake claim on computer desktop with new tools
- Digital photography
- Traditional film is still in the picture
- HD Video
- Affordable new cameras take high-definition mainstream
- GPS: Where are we?
- Quantum computing
- What it is, how it works and the promise it holds
- Playing the digital-video game
- Microsoft's forthcoming Xbox 360 Elite console points to entertainment push
- Online crime
- Botnets: The end of the web as we know it?
- Is Canada losing fight against online thieves?
- Malware evolution
- Money now the driving force behind internet threats: experts
- Adopting Ubuntu
- Linux switch can be painless, free
- Sci-fi projections
- Systems create images on glass, in thin air
- Power play
- Young people shaping cellphone landscape
- Digital cameras
- Cellphone number portability
- Barriers to change
- Desktop to internet
- Future of online software unclear: experts
- Complaining about complaints systems
- Canadian schools
- Multimedia meets multi-literacy age
- Console showdown
- Comparing Wii, PS3 and Xbox 360 networks
- Social connections
- Online networking: What's your niche?
- Virtual family dinners
- Crackdown
- Xbox 360 console game
- Vista and digital rights
- Child safety
- Perils and progress in fight against online child abuse
- Biometric ID
- Moving to a Mac
- Supply & demand
- Why Canada misses out on big gadget launches
- Windows Vista
- Computers designed for digital lifestyle
- Windows Vista
- What's in the new consumer versions
- Cutting the cord
- Powering up without wires
- GPS and privacy
- Digital deluge
- RFID
- Consumer Electronics Show
- Working online
- Web Boom 2.0 (Part II)
- GPS surveillance
- Hits and misses: Best and worst consumer technologies of 2006
- Mars Rovers
- Voice over IP
- Web Boom 2.0
- Technology gift pitfalls to avoid
- Classroom Ethics
- Rise of the cybercheat
- Private Eyes
- Are videophones turning us into Big Brother?
- Windows Vista
- Cyber Security
- Video games: Canadian connections to the console war
- Satellite radio
- Portable media
- Video games
- Plasma and LCD
- Video screens get bigger, better, cheaper
- Video games:
- New hardware heats up console battle
- High-tech kitchens
- Microsoft-Novell deal
- Lumalive textiles
- Music to go
- Alternate reality
- Women and gadgets
- High-tech realtors
- The itv promise
- Student laptops
- Family ties
- End of Windows 98
- Bumptop
- Browser wars
- Exploding laptop
- The pirate bay
- Stupid mac tricks
- Keeping the net neutral
- PS3 and WII at E3
- Sex on the net
- Calendars, online and on paper
- Google, ipod and more
- Viral video
- Unlocking the USB key
- Free your ipod
- In search of
- Xbox
- Sony and the rootkit
- Internet summit
- Electronic surveillance