The Inquirer-Home

The Iphone OS needs to be opened up, says Kaspersky

Apple can’t check every single app
Thu Apr 29 2010, 13:15

THE INFOSEC CONFERENCE WAS TOLD that Apple's Iphone is secure for now, but if Apple doesn't open up the system it will lose out to rival mobile operating systems due to its lack of flexibility.

Eugene Kaspersky, founder and CEO of Kaspersky Labs, said at Infosec that if Apple does not change its Iphone OS within three years to be more open like Android, it will lose market share because there will be less software supporting it.

He said, "Symbian was very secure. Nokia had a very secure system for years, but it started to lose the market because it didn't have the functionality."

"They changed its mind and now it's open source. They moved from the far, far left to the far, far right in terms of security."

Software vendors can't put security software on the Iphone because it is so locked down, so Kaspersky obviously has a vested interest in making the device more open as his company deals with mobile security.

So the Inquirer went for a talk with David Harley, director of malware intelligence at ESET, who has had many years experience with Apple security and was speaking at Infosec on the subject.

He said that Apple's whitelisting of Iphone applications, where the availability of apps is controlled by Apple, means that that anything running on the apps store is thought to be 'safe'.

Harley said, "I'm not convinced that they can maintain that model indefinitely. First of all as more and more people want to jump on the [Apple] bandwagon it's going to be less and less feasible to spend the time of checking on every application for total security."

He added that there had been hints that there have been 'grey' applications that had got through.

"The other thing is that a lot of Apple users want freedom to choose their own applications. Sooner or later Apple is going to have to find someway of accommodating some of the people who break Iphones. There are an awful lot of them."

This asks the question about 'jailbreaking', where doing it is a breach of Apple's agreement and in effect the user affected 'deserves everything they get'. This is why last year's reports of Apple Iphone Trojans weren't taken that seriously, as they hit hacked phones.

"I can't say that's completely wrong, but what are the odds that at some point some breach is going to leak into un-jailbroken phones?"

If Apple did loosen the reins, Harley said that it would need some form of security that differed from application whitelisting, although he was unclear about what form this would take. µ

 

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?