H4cked Off: I hate to say I told you so...

07 Jul 2011

Last month, I quoted security firm Kasperky's CTO Nikolay Grebennikov as he explained why he feels that Apple can't keep its iOS platform secure all by itself.

It's a fairly bold statement, but he went further, stating that Apple would be forced to open up the iOS within a year.

Apple keeps a firm grip on its mobile operating system, only allowing applications and services to be downloaded from its own store. And it, presumably painstakingly, vets these apps and their developers first, ensuring that they're free of malware and other nasties.

Android, a far more open platform, has no such restrictions.

Both operating systems are doing well, although Android is the faster growing, perhaps partly because it's easier for developers to get involved.

Having said that, Android has the worse security record, with DroidDream and other malware bursting out from seemingly innocuous apps once in a while.

Hell hath no fury like an Apple customer spurned. My article was quickly swamped with outraged comments from Apple devotees.

"Currently, iOS is completely immune from viruses and malware," shrieked one.

Another addressed Grebennikov directly with some career advice: "Dude, go get a new job, your business model is going bye-bye!"

Leaving aside the disconcerting and cultish fervour with which some Apple customers exalt the company, their unshakable belief that the platform is safe could be their undoing.

McAfee put it well in its 2011 Threat Predictions report:

"The popularity of iPads and iPhones in business environments and the easy portability of malicious code between them could put many users and businesses at risk. The lack of user understanding regarding exposure on these platforms and the lack of deployed security solutions make a fertile landscape for cyber criminals."

I realise I'm quoting security companies with something to gain from identifying a need for additional security in the iOS, but that doesn't mean the need isn't there.

This week, elite hacker Comex released a jailbreak service for the latest iOS version. In so doing, he revealed a zero-day flaw in the platform, managing to skirt around its security counter-measures. That flaw is now in the public domain. By the time you read this, malware will be out there in the ecosystem, exploiting this vulnerability.

And as a closed system, there's little iOS users can do to protect themselves until Apple releases a patch. Actually that's not true. You can jailbreak your device using Comex's service, then download his own patch which fixes the problem.  Irony?

OK. So I lied. In fact I love to say I told you so.

Anything can be hacked, it just has to be worth the effort. Apple products are no exception. And I say this as an Apple user myself, just one who has yet to be initiated into the cult.

Stuart Sumner, chief reporter and security geek

blog comments powered by Disqus