July 27, 2012
Apple fans may believe that their iDevices are safe from malicious software, but app developers who put all their faith in the embedded security of the technology behemoth may be leaving themselves open to hackers, cautions an industry analyst.
According to CNN, a recent presentation by Jonathan Zdziarski, a forensic scientist at viaForensics, at a cybersecurity conference focused on cloud computing data security, with Apple's iPhone high on the list of possible targets. The smartphone is one of the most popular devices in the world, with millions of units sold since it was launched in 2007, and Apple has been especially successful in getting some areas of the federal government to purchase the product.
In order for Apple to become a provider of smartphones and, to a lesser extent, tablets for The White House and the U.S Military, the company was forced to update its iOS mobile operating system to comply with the security requirements of government agency use. According to Zdziarski, this has had a "nasty, unintended consequence."
The Dark Art of iOS Application Hacking
While Apple presented a white paper on the web security features that they have included in their operating system, Zdziarski hosted a workshop entitled "The Dark Art of iOS Application Hacking." The main focus of his talk was the revelation that an increasing number of app developers don't even think about including a security safeguard, believing that Apple has all the bases covered.
"Security is now an afterthought for many app developers," Zdziarski said. "That means if you hack one, you can hack them all. This isn't Chicken Little and the sky is falling, but the message is if you don't add your own security to your app, you're highly susceptible."
Apple declined to comment but, according to CNN Money, for a hacker being able to simultaneously affect every app on your iPhone, he or she would have to steal the phone and then discover a vulnerable spot in the iOS operating system. Experts believe that this is an unlikely scenario, and even when a rogue developer manages to sneak malicious software into the App Store, the company is normally able to shut the app down quickly and efficiently.
Zdziarski admits that his intention wasn't to "call out Apple", but with so many applications available, he was aiming to bring the issue of data loss prevention to the forefront of app development.
"Apple has good security," Zdziarski said. "Just don't rely entirely upon it."
-McAfee Cloud Security