- The iPhone is a product with gobs of new software on it. Surely, bugs will be scrubbed out over time, and many of these bugs will have security implications. Some iPhone supporters might point out that the iPhone is based on Mac OS X, and therefore isn't as worrisome as totally untried software would be. But a lot of the capabilities on the iPhone are being introduced for the first time, and the glue that links all of these applications together -- including the contact list, calendar, email and phone features -- is new. Security vulnerabilities are often found in a product's underpinnings, and if similar weaknesses are found in the iPhone, an attacker may be able to steal contacts or break phone connectivity.
- The iPhone is sexy. Researchers are already trying to make a name for themselves by finding flaws in the product and announcing them publicly. Expect to see a lot more of that in the near future, as the security community "breaks in" this newcomer.
- The iPhone is feature-rich. This gadget has more applications and functions than most other widespread cell phone technologies. Thus, there is more of a chance for interference with a user's life.
- As of this writing, the iPhone doesn't integrate with many enterprise email systems, although Apple has hinted that the incompatibility issues will be addressed very soon. Integration, however, might make users bend over backwards to exfiltrate their own email so that they can read their messages on the new device. The transfer could possibly short-circuit carefully secured enterprise email infrastructures.
Only time will tell, but I wholeheartedly think there will be a good number of iPhone security issues in the next six months or so. It's going to be a heck of a ride. But the product is so nifty that I did sign up for my seat on the roller coaster.
This was first published in September 2007