Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Security holes discovered in iPhones, iPad

A new security hole has opened up in Apple's iPhone, iPad and iPod Touch devices

A new security hole has opened up in Apple's iPhone, iPad and iPod Touch devices, raising alarms about the susceptibility of some of the world's hottest tech gadgets to hacker attacks.

Flaws in the software running those devices came to light after a German security agency warned that criminals could use them to steal confidential data off the devices.

Apple, the world's largest technology company by market value, said on Thursday that it is working on a fix that will be distributed in an upcoming software upgrade.

With the security hole, an attacker can get malicious software onto a device by tricking its owner into clicking an infected PDF file.

Germany's Federal Office for Information Security called the flaws "critical weaknesses" in Apple's iOS operating system.

Internet-connected mobile devices are still subject to fewer attacks than personal computer, but they could eventually prove a juicy target for hackers because they are warehouses of confidential banking, email, calendar, contact and other data.

Software vulnerabilities are discovered all the time. What makes the latest discovery alarming is that the weaknesses are already being actively exploited - albeit in a consensual way.

The latest concerns were prompted by the emergence of a new version of a program to allow Apple devices to run any software and circumvent the restrictions that Apple notoriously retains over software distributed through its online store.

There are security risks of doing so, but many people find it liberating to install their own software.

Although this program is something people would seek out, the weaknesses that its authors discovered could easily be used for malice, security experts say.

There is an irony in the controversy: The site distributing the program offers a fix for the problem, but to get the fix, a user has to first install the program in question. So a user must defy Apple's restrictions to get the protection until Apple comes up with a fix of its own.

Charlie Miller, a prominent hacker of Apple products, said it likely took months to develop the program to break Apple's restrictions, but a criminal might need only a day or two to modify it for nefarious purposes.

Apple spokesperson, Bethan Lloyd, said the company is "aware of this reported issue and developing a fix." She would not say when the update will be available.

One reason for gadget owners to take heart: Attacks on smartphones and other internet gadgets are still relatively rare. One reason is PC-based attacks are still highly lucrative.

Still, vulnerabilities such as the ones Apple is confronting show that consumers should take care of securing their mobile devices as they would their home computer.

"These things are computers - they're just small, portable computers that happen to have a phone tacked onto them," said Marc Fossi, manager of research and development for Symantec Security Response.

"You've got to treat them more like a computer than a phone. You have to be aware of what's going on with these devices."

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Apple, Symantec

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Apple, hackers, hacking, iOS, iPad, iPhone, ipod touch, mobile solutions, mobility, security
Latest Blog Posts
Whitepapers
  • Cloud printing in the enterprise: liberating the mobile print experience from cables, operating systems and physical boundaries
    In recent years mobile technology has proliferated throughout the enterprise. Today, virtually no one in the workforce is bound to a desk to work, check e-mail or communicate with co-workers and customers. At the same time, we’re seeing the rise of cloud technologies, loosely defined as online resources, often provided as a service, that manage the data and software that used to run solely on PCs. This merger of mobile and cloud technologies is on its way to becoming one of most significant enablers of business productivity and innovation seen in the past decade. Read more.
    Learn more »
  • Get the Whole Picture Why Most Organizations Miss User Response Monitoring—and What to Do About It
    You can be armed with vast amounts of performance metrics, but if you don’t know what users are actually experiencing, you don’t have the real performance picture. While this measure is critical, it is one many organizations fail to consistently capture. This guide looks at the challenges of user response monitoring, and it shows how you can overcome these challenges and start to get a real handle on your infrastructure performance and how it impacts your users’ experience.
    Learn more »
  • Print security and the mobile workforce
    Where, when, and how we work is changing. Whether your employees are working on the road without a dedicated workstation or from a home office, they need a safe way to print. Driving this shift is the accelerating adoption of smartphones, tablets, and other mobile devices. But even with these devices, printing remains a key business function for virtually all employees, and many may already be using them to print. Read more.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments