iPhone cleared for security primetime

Powered by SC Magazine

Safe for now, but uncertain future.

The hundreds of thousands of new iPhone owners should not lose any sleep over the security of the Apple smartphone in the near future, say experts.

"While vulnerabilities may be found and zero-day exploits may be released, chances of widespread infection are currently low," security researcher Eric Chien with Symantec wrote in a posting on a company blog.

The reduced risk stems from Apple's decision to keep development of third-party software limited to browser-based JavaScript and Ajax code. This keeps users in a secure 'sandbox' environment that prevents malicious code from accessing other parts of the system.

Chien also cited the iPhone's automatic upgrade system, which allows for speedy deployment of patches.

Other security experts, however, aren't so sure about the iPhone's defenses.

Trend Micro's Todd Thiemann and David Perry toldvnunet.com that while the iPhone currently faces fewer threats than competing smartphones, the long-term outlook is much more hazy.

If Apple decides to open developer access to the iPhone in order to compete with other smartphones, new software components will be available for attackers to target.

"The key factor is the degree to which you can install third-party apps," said Thiemann, director of device security marketing.

"There's a smaller risk of anything bad happening, but the market dynamics are such that consumers are moving towards (open) smartphones."

Likewise, if the iPhone takes off and gains significant market share, it will see a great deal more scrutiny from an increasingly for-profit malware development community.

"If the iPhone becomes the lead dog, research will get done," said Perry, global director of education.

"When you move from the caboose of the train to the locomotive, you find it is the locomotive that hits things."

Copyright ©v3.co.uk

iPhone cleared for security primetime
Top Stories
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
The big winners from Defence’s back-office IT refresh
Updated: The full list of subcontractors.
Tracking the year of CIO churn
[Blog post] Who shone through in 12 months of disruption?
Sign up to receive iTnews email bulletins
Latest Comments
Which is the most prevalent cyber attack method your organisation faces?

   |   View results
Phishing and social engineering
Advanced persistent threats
Unpatched or unsupported software vulnerabilities
Denial of service attacks
Insider threats