Apple's bitter bite29/02/2008 Written by Roberto Preatoni
Security company Sophos recently released a malware 2007 report .
By reading the whitepaper, we get some interesting confirmations about malware/cracker’s trends much long ago anticipated also by Zone-H.
For the first time ever a report is focusing on traditional security threats as well as on hot topics such state sponsored espionage and cyberwar. Concepts that have been longly anticipated by a few of long-sighted observers, possibly having Zone-H’s members in the front line.
The Sophos whitepaper is truly insightful, and by reading it we have the impression that the bitter bite of the rotten security cake will soon end up in Apple’s mouth. The report in fact, devotes a large section to “Ultra-mobile PCs, iPhones and Wi-Fi devices”. In Sophos’ very graphic horror movie on future threats, the role of main male and female actors are assigned to the Iphone and the Ipod Touch. We’d like to add that they will be probably the best candidates for the golden Oscar statue as in the movie on future cyber threats, Iphone and Ipod’s interpretation couldn’t be more convincing and rich of drama…
Still, Sophos’ report is missing a key point when describing the potential threats deriving by being the lucky possessors of such devices. The point is that those devices are wi-fi capable and have a great user interface. Other devices before the Iphone and Ipod touch embedded wi-fi capability, but the user interface was usually so unfriendly that the owner was reluctant to exploit in full the capability of such devices. With Apple’s products it’s another story.
The owner “feels” the powerful computer and operating system behind the sleek design and tons of applications, most of them coming from untrusted third parties, are loaded in the device by most of the owners. Which becomes a real sidekick in everybody’s life, always carried in the owner’s pocket and always ready to connect to the owner’s company wifi infrastructures.
It means, that if the handy device was successfully exploited by a malicious hacker, either by a direct attack or through a nasty downloaded application, it could be used as a bridge between the bad guy and the owner’s company network. A true trojan horse… maybe the best trojan horse ever built.
As we well know, Apple’s original intents were to bullet-proof the device closing it toward third parties applications. Sure, they said it was for security reasons but we well know that there were also commercial reasons behind such decision. Regardless, the hacker community soon after the Iphone’s launch split the device in bits and pieces, successfully overriding Apple’s protections in both the originally released firmware and the next updates, the last one included .
Get ready! By the end of 2008 we predict havoc among Apple’s Iphone/Ipod Touch customers. After all, we warned the world already back in 2003…