iPhone security: Nightmare for IT or no big deal?
Security experts are all over the ballpark with their predictions
Computerworld - Apple Inc.'s iPhone will prove to be a security nightmare to corporate IT when it debuts Friday. Or it may fuel a surge in mobile malware. Or it won't change the security landscape one whit. Take your pick, said security researchers and analysts today.
With details still unclear -- Apple has said next to nothing about iPhone security -- it's no wonder that the device's vulnerabilities are in the eye of the beholder, even if those beholders are professionals who make their living researching vulnerabilities and blocking exploits.
"It's a nightmare for security teams," said Andrew Storms, director of security operations at nCircle Network Security Inc. "What I'm afraid of is that enterprises are going to get pressure from, say, sales, to bring this in. And even if it's not approved, people will try to connect it to their corporate networks. It has no place in the enterprise."
Storm's problem with the iPhone stems from the lack of a security management tool that could enforce company policies about which devices connect to the network and when. "There are no central management tools. If there was a product that integrated with [Mac] OS X Server, it would be a totally different story," said Storms. "Apple has been quiet about enterprise security, so we have to expect and plan for the worst."
Neel Mehta, team lead for Internet Security Systems Inc.'s advanced research group, agreed -- up to a point.
"All the press around the iPhone makes it a very enticing target for hackers," said Mehta, who has forecast malware aimed at the new device will be developed in the near future. "The fact that it runs Mac OS X means that there is a good possibility that vulnerabilities found on the OS will also affect the iPhone. [Hackers] may be able to port the hacks they find on one to the other."
But Mehta also said he sees an upside to iPhone security. One likely boon: the omission of an software developer's kit for the phone. The decision to forgo an SDK and instead force application writers to deliver software and services through the embedded Safari browser may have disappointed developers, but it got a thumbs-up from Mehta.
"The lack of an SDK will limit the development of viruses and worms," he argued. "Without one, it's going to be very challenging [for anyone] to run any software on the iPhone."
And even if malware authors manage to overcome the difficulty, Mehta doesn't expect the iPhone's world to come crashing down -- at least not right away. "I think we'll begin to see attempted exploits, if they do appear, very quickly after the iPhone launch," he said. "It will probably be more attractive as a research target than an exploit target, because the market share just won't be comparable to other platforms for a long time to come."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts