Security firms cannot protect the iPhone from threats

News 26 Nov, 2009

Recent incidents have put the iPhone's security in focus, but firms will not be able to develop anti-virus because of the nature of the system.

The security firm F-Secure has said that it would like to secure the iPhone from mobile security threats, but cannot due to the closed-off nature of the system.

The firm already offers security technology for mobile phones with Symbian and Windows Mobile systems, and in the future will offer protection for Android.

F-Secure chief research officer Mikko Hypponen said that people have asked for iPhone protection before, but it can't be developed.

“None of the existing anti-virus vendors can make one, without help from Apple," he said.

“Apple hasn’t been too interested in developing antivirus solutions for the iPhone, because there are no viruses, which of course, isn’t exactly true.”

He said that recent worm outbreaks targeted jail-broken iPhones, and suggested that Apple wasn’t interested in protecting these, as it didn’t approve of jail-breaking to begin with.

“So our recommendation is to avoid jail-broken phones, because it will weaken the security of a phone, whether the iPhone or any other device,” he said.

Arnoud de Vaal, director solution management at F-Secure's mobile unit, said that the company and its partners would love to offer security for the iPhone as it is growing its market share, but couldn’t as its software development kit (SDK) does not allow any programs to run out of its own sandbox.

“Any program can only look at its own files. For instance, if you were using antivirus or something similar, you can look at your own files but what you need to do is to look at files outside of it," he said. "That’s not legally allowed with the SDK.”

De Vaal's personal opinion was that it would be customers and bigger partners that would force Apple’s hand when it came to changing its system to allow security software to run.

“Apple is doing a good job of keeping everything in its own hands, but the fact of the matter is that if you are an end customer who bought an application not from the app store, something could happen,” he said.

However, it wasn’t just jail-broken phones that could be a problem. Hypponen said that if criminals developed exploits to break into the system - which has already been done by security researchers - then all iPhones would be vulnerable.

“What would really be a turning point would be malware which infected your iPhone through exploits," Hypponen said.

“Even the recent iPhone case wasn’t using an exploit, it was using your password because everybody knows the root password for iPhone devices," he said.

“With an exploit where your mobile phone gets infected on its own without you doing anything at all – that has never happened – and when it will, things will be totally different.”