Fortify warns users of iPhone malware

19 April 2010

With Apple finally announcing what will and won't be seen in v4.0 of the iPhone operating system, Fortify Software has warned users to watch out for its multitasking aspect as it may hide malware running in the background.

The warning comes as a growing number of iPhone users are coming to the end of their initial contracts with carriers and are unlocking – jailbreaking – their iPhones to allow them to use other carriers' SIM cards and third-party apps on their mobiles.

It's against this backdrop that Fortify is advising companies to tread carefully with corporate use of the Apple smart phone, owing to the multi-tasking aspects of the updated operating system.

Richard Kirk, European director with the application security specialist, says that the move to multi-tasking on the iPhone opens up all sorts of possibilities for hackers and mischief on the Apple handset, as users can be interacting with an app in the foreground whilst the iPhone does all sorts of things in the background.

"The addition of multi-tasking for the iPhone is clearly a major step forward for the Apple handset, and we fully expect to see the arrival of a number of corporate apps as a result in the coming months", he said.

"This is excellent news for business usage of the Apple smart phone, but company software teams should be aware of the need to carry out software security tests on all apps – regardless of source – before they are deployed, as they may turn out to harbour hidden problems in the program code", he added.

According to Kirk, the potential for such malware can clearly be seen with a new Windows Mobile game called '3D Anti-terrorist action', which reportedly makes expensive international phone calls in the background whilst the user plays the game on their smartphone.

This, he says, is a clever use of the fact that some international call destinations offer shared revenue to third parties, in much the same way that UK premium rate numbers offer call revenue to companies.

The Terdial trojan – which Graham Cluley of Sophos reported on last week – is one of the first to take fraudulent advantage of the multi-tasking aspects of the Windows Mobile platform, and Fortify fully expects to see other trojans and malware in future iPhone apps.

And, Kirk says, given the interest in the iPhone's new tablet cousin, the iPad, he also expects to see similar malware arriving on it as its popularity continues to grow and multi-tasking arrives on the tablet.

It's against this backdrop that Fortify says that companies planning to roll out third-party apps for use by staff, in any shape or form, should carefully check the source code of the app for any hidden problems.

This is especially important, he explained, as a growing number of iPhone users are unlocking their handsets from their cellular carrier and the Apple iTunes store, to allow them to run third-party sourced software, which is not checked by Apple Computer for its provenance.

"It's important, therefore, for companies to implement software security testing to identify and remove any potential vulnerabilities from existing applications, as opposed to simply trying to block attacks on applications", he said.

"And IT staff also need to understand the need to test not only the app code that is developed in house, but code that is acquired from vendors, outsourcers and open source. The iPhone clearly has new and significant potential with the latest operating system update, but companies need to carry out their own security tests before embracing the obvious benefits of the handset", he added.

This article is featured in:
Application Security • Malware and Hardware Security • Wireless and Mobile Security

 
