Apple may or may not equal security

iPad and iPhone development and security issues are all over the blogosphere and traditional media today, starting with some interesting antivirus industry news concerning the iPad…

    • Apple iPad users are being offered a security program to scan their new device for vulnerabilities and rogue software should such things emerge as threats.
    • Hailing it as the first iPad 'antivirus' program, Apple software security specialist Intego has released VirusBarrier X6 version 10.5.5, a small update that adds the iPad to its ability to examine and secure Apple computers, the iPhone and even the iPod touch.

In this interview by the Inquirer, our own David Harley posits that Apple’s model is not without its squishy spots and the solution may be to open their business model up:

    • “Harley said, "I'm not convinced that they can maintain that model indefinitely. First of all as more and more people want to jump on the [Apple] bandwagon it's going to be less and less feasible to spend the time of checking on every application for total security."
    • He added that there had been hints that there have been 'grey' applications that had got through.
    • "The other thing is that a lot of Apple users want freedom to choose their own applications. Sooner or later Apple is going to have to find some way of accommodating some of the people who break iPhones. There are an awful lot of them." This asks the question about 'jailbreaking', where doing it is a breach of Apple's agreement and in effect the user affected 'deserves everything they get'. This is why last year's reports of Apple iPhone Trojans weren't taken that seriously, as they hit hacked phones.
    • "I can't say that's completely wrong, but what are the odds that at some point some breach is going to leak into un-jailbroken phones?" If Apple did loosen the reins, Harley said that it would need some form of security that differed from application whitelisting, although he was unclear about what form this would take.”

Robert Scoble feels much the same way about opening up the model, but for more reasons than just security. He goes further, explaining the market dominance and why it frustrates mobile developers:

    • “So, how does Steve Jobs make sure that the best developers work on iPhone and don’t work on building systems that make it easy to port apps from iPhone to Android or Microsoft’s new Windows Mobile 7, or to Nokia or to RIM’s Blackberry (which is VERY hard to develop for)?
    • Well, easy, make it against the rules! This pisses everyone off, because they thought that they would be able to hire one development team to build for all platforms, but now they’ll have to build two development teams: one for the iPhone and one for everything else.
    • This guarantees that apps will suck on everything else, but will be fast and special on iPhone. Why? Because, well, if you hire a developer who can do Objective-C that developer is generally going to be a lot more talented than someone who can only do Flash. That developer will come up with some cool new features that the Flash or .NET versions won’t have (or, even worse, can’t have because those systems must compile to a lowest-common-denominator). Steve Jobs wins this game. Why? Because he — unlike in 1994 — controls the developers.”

Meanwhile, uber-techie and knowledge leader Steve Borsch reports that he’s not able to work securely on his iPad using the best practice of HTTPS:

    • “DEALKILLER #3 [regarding iPad and mobile blogging]: NO HTTPS
      When I’m on-the-go and need to access my WordPress backends I *always* login with https in order to ensure my username/password combo isn’t flying through a coffee shop’s Wifi connection exposed for snagging by some unscrupulous packet sniffer running on a geek’s laptop.
    • It’s this sort of productivity stuff that is somewhat missing from the iPad *or* it takes a bunch of new steps most of us don’t yet know. With text editors for coders/developers out and coming out, easy ways to access remote servers (e.g., Box.net, iDisk for MobileMe, lots of built-in FTP capability in apps) I can see that it will become second nature to use our iPads for content creation at some point, but it’s just not yet there.”

Personally, I’m not sold on the iPad. Issues with security across the web just reinforce my opinion that security through obscurity isn’t a strategy that’s going to work forever. Does anyone know how valid this issue is? Let me know if I’m off-base and there is a secure method for blogging on the iPad.

Securing Our eCity Contributing Writer

Author ESET Research, ESET

  • Bob

    Ridiculous. iPhone and iPad can use HTTPS.

    • Charles Jeter

      @Bob: It makes sense that they can use HTTPS because there are many apps that do transactions which must be PCI-DSS compliant. I think the question here was whether the web browsing capability used as an interaction within the web-editing WordPress GUI was possible. Without such, the login data can become compromised by sniffing the packet traffic from any coffee shop with an open or PwNed encryption standard like WEP or WPA (cracked).

      So – if anyone has an idea of how to accomplish this, please let me know so I can update the post! :) :)
