Q

Are iPhone security risks different than those of other mobile devices?

The security risks of an iPhone are comparable to other wireless devices, but the iPhone does bring some special issues that are a cause for concern.

Now that the iPhone is available, should enterprises be worried about iPhones more than any other mobile devices? I've heard that the devices offer little in terms of security, but are the security risks all that different?
Your timing is quite amazing. It just so happens that I purchased an iPhone last night and set it up early this morning. It's a dazzling device, but you are right to bring up security concerns. Only a few short weeks after its release, researchers had already discovered vulnerabilities associated with the iPhone's browser and mail client. I agree with you that the security risks of an iPhone are comparable to other wireless devices, but the iPhone does bring some special issues that are a cause for concern:

  1. The iPhone is a product with gobs of new software on it. Surely, bugs will be scrubbed out over time, and many of these bugs will have security implications. Some iPhone supporters might point out that the iPhone is based on Mac OS X, and therefore isn't as worrisome as totally untried software would be. But a lot of the capabilities on the iPhone are being introduced for the first time, and the glue that links all of these applications together -- including the contact list, calendar, email and phone features -- is new. Security vulnerabilities are often found in a product's underpinnings, and if similar weaknesses are found in the iPhone, an attacker may be able to steal contacts or break phone connectivity.
  2. The iPhone is sexy. Researchers are already trying to make a name for themselves by finding flaws in the product and announcing them publicly. Expect to see a lot more of that in the near future, as the security community "breaks in" this newcomer.
  3. The iPhone is feature-rich. This gadget has more applications and functions than most other widespread cell phone technologies. Thus, there is more of a chance for interference with a user's life.
  4. As of this writing, the iPhone doesn't integrate with many enterprise email systems, although Apple has hinted that the incompatibility issues will be addressed very soon. Integration, however, might make users bend over backwards to exfiltrate their own email so that they can read their messages on the new device. The transfer could possibly short-circuit carefully secured enterprise email infrastructures.

Only time will tell, but I wholeheartedly think there will be a good number of iPhone security issues in the next six months or so. It's going to be a heck of a ride. But the product is so nifty that I did sign up for my seat on the roller coaster.

More information:

  • Shellcode has been published for Apple's iPhone. Learn how the device can be used as a pocket-sized attack platform.
  • An expert warns that the Apple iPhone will provoke complex mobile attacks.
  • This was first published in September 2007

    Dig deeper on Handheld and Mobile Device Security Best Practices

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close