Apple's bitter bite

29/02/2008 Written by Roberto Preatoni

appleSecu­rity com­pany Sophos recently released a mal­ware 2007 report .
By read­ing the whitepa­per, we get some inter­est­ing con­fir­ma­tions about malware/cracker’s trends much long ago antic­i­pated also by Zone-​H.

For the first time ever a report is focus­ing on tra­di­tional secu­rity threats as well as on hot top­ics such state spon­sored espi­onage and cyber­war. Con­cepts that have been longly antic­i­pated by a few of long-​sighted observers, pos­si­bly hav­ing Zone-H’s mem­bers in the front line.

The Sophos whitepa­per is truly insight­ful, and by read­ing it we have the impres­sion that the bit­ter bite of the rot­ten secu­rity cake will soon end up in Apple’s mouth. The report in fact, devotes a large sec­tion to “Ultra-​mobile PCs, iPhones and Wi-​Fi devices”. In Sophos’ very graphic hor­ror movie on future threats, the role of main male and female actors are assigned to the Iphone and the Ipod Touch. We’d like to add that they will be prob­a­bly the best can­di­dates for the golden Oscar statue as in the movie on future cyber threats, Iphone and Ipod’s inter­pre­ta­tion couldn’t be more con­vinc­ing and rich of drama…

Still, Sophos’ report is miss­ing a key point when describ­ing the poten­tial threats deriv­ing by being the lucky pos­ses­sors of such devices. The point is that those devices are wi-​fi capa­ble and have a great user inter­face. Other devices before the Iphone and Ipod touch embed­ded wi-​fi capa­bil­ity, but the user inter­face was usu­ally so unfriendly that the owner was reluc­tant to exploit in full the capa­bil­ity of such devices. With Apple’s prod­ucts it’s another story.

The owner “feels” the pow­er­ful com­puter and oper­at­ing sys­tem behind the sleek design and tons of appli­ca­tions, most of them com­ing from untrusted third par­ties, are loaded in the device by most of the own­ers. Which becomes a real side­kick in everybody’s life, always car­ried in the owner’s pocket and always ready to con­nect to the owner’s com­pany wifi infrastructures.

It means, that if the handy device was suc­cess­fully exploited by a mali­cious hacker, either by a direct attack or through a nasty down­loaded appli­ca­tion, it could be used as a bridge between the bad guy and the owner’s com­pany net­work. A true tro­jan horse… maybe the best tro­jan horse ever built.

As we well know, Apple’s orig­i­nal intents were to bullet-​proof the device clos­ing it toward third par­ties appli­ca­tions. Sure, they said it was for secu­rity rea­sons but we well know that there were also com­mer­cial rea­sons behind such deci­sion. Regard­less, the hacker com­mu­nity soon after the Iphone’s launch split the device in bits and pieces, suc­cess­fully over­rid­ing Apple’s pro­tec­tions in both the orig­i­nally released firmware and the next updates, the last one included .

Get ready! By the end of 2008 we pre­dict havoc among Apple’s Iphone/​Ipod Touch cus­tomers. After all, we warned the world already back in 2003…


Share this content: