Analysis: iPhone malware evolution on overdrive


Massive mobile phone virus in 2010?

In the space of a month, jailbroken iPhones have been attacked twice.

The first attack, at the start of the month, was a rickrolling worm designed to annoy users. The second outbreak, which occurred over the weekend, was designed to create an iPhone botnet and steal both personal information and cash from the victims.

This evolution of malware - from being a mere vandal to a thief - took years in the desktop world, but just one step with jailbroken iPhones.

For now, the malware has only affected jailbroken iPhones where the owner did not change the default password.

However, Gartner's UK-based mobile and wireless analyst Nick Jones believes Apple's own App Store will be the eventual source of malware for 'legal', un-jailbroken iPhones.

Since the launch of the App Store in July 2008, more than 100,000 applications have been approved, which has resulted in over a billion downloads.

This huge uptake means Apple isn't capable of inspecting all the functions of every application it approves for the store, said Jones, who was in Sydney last week for Gartner's ITxpo.

"If you look at the whole App Store model, there is no way that Apple can afford to inspect the code of every application that goes onto the App Store. They do some lightweight inspection and testing, it goes up on the app store and there is not a lot to stop it doing something malicious.

"What is effectively an uncontrolled wild west frontier store isn't going to be the place you get secure things," said Jones.

Another factor in the iPhone's vulnerability, according to Jones, is the lack of control most enterprises have over the actual devices, because they are usually purchased by the employee.

"The number of iPhones in the enterprise that are well managed - locked down and controlled so the enterprise decides what applications go onto it - is very small," he added.

In 2005, Gartner analysts predicted a major phone virus would spread once two criteria were met. Firstly, smartphones capable of being infected by malware would make up around a third of the market and secondly, those phones would regularly exchange executable files. At the time, they expected this to occur in early 2008.

"By year-end 2007, large-scale user-to-user sending of more-complex executables will be commonplace. Once smartphones account for 30 percent of all wireless telephones in use -- likely no sooner than the end of 2007 -- rapidly spreading attacks will be much more likely," said Gartner analysts Pescatore and Girard.

Perhaps Gartner's initial prediction wasn't incorrect; it was simply a couple of years premature.

What do you think? Should jailbroken iPhones be banned from the enterprise? How worried are you about iPhone or Apple security? Do you trust the App Store? Please let us know in the talkback below.
