Jan 07 12
OS X security record threatened by iPhone?
Posted by Munir Kotadia @ 17:18 5 comments
If the iPhone does as expected and takes a decent chunk of the growing smartphone market then the overall penetration of OS X will skyrocket and attract some serious attention from malware writers.
It is still unclear exactly what is under the pretty exterior of the Apple iPhone but one thing we do know is that it will be running a cut down version of Apple's OS X.
Malware targeting OS X started to appear last year and as Apple products become more popular, the platform will become a more attractive target for malware authors. Luckily for Apple's customers, the Mac operating system was designed to be secure and the bad guys are having a tough time trying to exploit it.
However, one of the lessons we have learned is that if someone wants to get a piece of malware onto your system they will find a way to do it.
I was in a pub once when a colleague's smartphone received a Bluetooth message asking if she wanted to install an application. She said no but within a second the message reappeared. After clicking on "no" two dozen times she gave up and pressed "yes".
The annoying message went away but the phone died -- and couldn't be resuscitated. Eventually it was returned to the manufacturer. I guess it could have been worse if the phone had started functioning normally again but executed some kind of malicious application in the background.
This kind of attack basically bullies the user into executing a dangerous file.
The first mobile phone virus appeared around two and a half years ago but analyst firm Gartner has predicted that the first "serious" mobile virus will not appear till next year -- once there are enough smart devices to make widespread infection possible.
If, and it is a big if, malware authors find a way of infecting the iPhone's OS so it passes that infection to the desktop version of OS X, then the situation could get rather ugly.
Once the malware developers work around the fact that the phone won't be running an intel processor and will be running the OSX equivalent of Windows Pocket PC; and they write their own development tools, because apple will not be releasing any. All they need to do then is covertly circumvent apples lockouts to install their application onto phone, then simply exploit itunes to infect a host machine while syncing the phone while it's mounted as a storage device.
Easy, give me a couple of minutes, I will whip something up for you.
This is a scenario that will play out on Pocket PC's infecting windows long before it happens to an insignificant numbers of iphones connecting to a minority platform running Mac OS X.