Apple's relative success in the mobile market is attracting the attention of the cybercriminal underworld. Each reported breach leaves a little more blood in the water.
Personally, I've long been convinced that Apple's vaunted invulnerability when it comes to malware has been primarily a function of its limited penetration of the personal computer market (historically barely 10 percent, but climbing a little this year). Only secondarily is it an effect of supposedly "baked in" security features.
Hackers may be tenacious, but they're not stupid. With all that low-hanging Windows fruit out there, why bother engineering smart new ways to attack the Mac OS? Indeed, Apple's recent security embarrassments have sprung from high profile "white hat" attacks rather than for-profit criminal exploits.
That may be about to change, precisely because of the relative success of the iPhone, and especially the iPad. A share of the tablet market in excess of 60 percent is bound to grab the bad guys' attention. The signs have been around for almost a year. The enterprise security vendor Imperva publishes a monthly "Hack Intelligence" report. The October 2011 edition, which tracked discussions in hacker forums, reported a startling growth in discussion of iPhone exploits.
Ironically, one problem facing iOS devices seems to spring directly from the assumption that Apple has security well covered. Developers working on apps for the iPhone and iPad have been lulled into passivity by Apple's reputation for looking after security at a deeper level than apps and add-ons. Informed audiences, however, are starting to raise their eyebrows.
At the Black Hat hacker conference last month, delegates were disappointed by an "underwhelming" speech from Apple's platform security manager. Meanwhile, at the same conference, Jonathan Zdziarski, an iOS forensics expert, was describing methods to hack an iPhone, both with and without physical access: "Give me two minutes with somebody's phone and I can dump the entire file system from it."
Enterprises should be paying attention to these developments, slow and nebulous though they may be. If iPhones are vulnerable to malicious exploits, including attacks via apps, it makes sense to believe that the same is true of iPads.
With iPad uptake continuing to accelerate within the enterprise this summer (a prediction I made, and which was greeted by general disbelief, last year), security managers should take little comfort in Apple's reputation for invulnerability.
— Kim Davis , Community Editor, Internet Evolution