The new iPhone 4.0 is a piece of art, a handheld device which Andrew Berg of Wireless Week elegantly termed ‘beautifully flawed’. Surprisingly, another report, which went unnoticed by mainstream media but not by those in the security business, rated Apple as the company with the most security vulnerabilities in its software in the last 5 years, surpassing Oracle and even Microsoft. This is shown by the now highly quoted, yet highly disputed, graph:
But it is not just the iPhone or Apple platforms that are going to see a surge in malware attacks due to these documented vulnerabilities. Kaspersky made this critical prediction in December 2009:
An increase in attacks on iPhone and Android mobile platforms. 2010 promises to be a difficult time for iPhone and Android users. The first malicious programs for these mobile platforms appeared in 2009, a sure sign that they have aroused the interest of cybercriminals. The only iPhone users currently at risk are those with compromised devices; however the same is not true for Android users who are all vulnerable to attack. The increasing popularity of mobile phones running the Android OS combined with a lack of effective checks to ensure third-party software applications are secure, will lead to a number of high-profile malware outbreaks.
There are three reasons why this prediction will hold and mobile devices are the next target for malicious attacks. First, newer, more accessible platforms and applications, along with the vulnerabilities highlighted above, will open the doors to malicious attacks on and from mobile devices. Second, many of us are using our iPhones and Android smartphones in the same way we use our PCs. We shop, surf the web, email, text, Twitter, Facebook and download on our phones. Third, our phones house so much of our personal information (contacts, calendars, emails, texts, pictures and more), making them a valuable target for malware writers and malicious hackers.
So if you are the Chief Security Officer for your enterprise or service provider, mobile devices are at your network’s perimeter and you will need to consider “edge” security solutions (which are typically transparent inline network traffic scanning solutions). These are solutions that will protect your end-users’ mobile devices from malware attacks and, in so doing, protect your network infrastructure from attacks launched from compromised mobile devices.
You heard it here first – it is not just the antenna.