Could iPhone be new target for hackers?

With the launch of Apple's new iPhone in the US, security experts are warning companies to be wary of using the phone in the corporate infrastructure.

The phone has been launched to a blaze of publicity and offers users the ability to phone, text and email. As well as that it also integrates an iPod music player and a fully-featured web browser. But there are concerns that such a device could prove to be a security headache for IT departments.

"With 4-8GB worth of memory, security is a major concern for the iPhone, which can expose a lot of corporate data to both hacking and theft," said Matt Bancroft, vice president of mobile device management company Mformation.

He said that while many business and government offices have banned the use of iPods from the workplace, the iPhone is billed and priced as a corporate business tool. "Companies must be prepared to incorporate the iPhone into its security and management policies," said Bancroft.

This view was echoed by Tim Scannell, president of mobile and wireless consultants Shoreline Research. He said that most organisations have not yet had a chance to look at and evaluate the device, so it is not on a company's approved device list (meaning no service, support or security protections). "What will happen is that many people will buy it and use it in their organisations without approval. This means companies will have to scramble to update and approve or deny use of the phone," he said.

Scannell said that since the iPhone is primarily a consumer device, the majority of data will be non-business. "This creates a lot of problems for organisations since viruses that are hidden in downloaded music and video files can potentially worm their way up through corporate networks when the device is used over a companies Wi-Fi and wired network," he said.

Jan Volzke, Mobile Security global marketing manager at anti-virus company McAfee said that should the new Apple mobile gain popularity, it will become an attractive target for hackers.

"It will be imperative for Apple to continue to analyse the inherent security risks with the iPhone architecture," he said.

Volzke said that with the introduction of the phone with its cut down version of OS X could double the footprint of the operating system within a year if sales targets of the phone are met. "Apple has given hackers extra reasons to look at the operating system," he said.

But at present the one thing that could keep hackers away from the iPhone is the fact that its OS has no software developer's kit (SDK). This means third parties can't code applications to run directly on the new phone. At present, the closest anyone can get to do this is to develop web 2.0 applications to run on the iPhone's Safari web browser.

Laurent Gondicart, mobile security expert at Trend Micro said that the inability to run applications natively on the phone also prevents security applications running on it as well.

"You can't run an anti-virus application just through a browser as you need to drop components onto the kernel itself," he said.

But Jean-Paul Ballerini, a member of IT security company ISS's X-Force research team said that hackers could still code websites especially for the new phone that contain cross-site scripting attacks that would bypass access controls and steal information from users.

Email to a friend

Print this page

Social Bookmark this article: What is this?

Digg

Delicious

Reddit

StumbleUpon

Slashdot

Google

Facebook