Fortify warns users of iPhone malware

The warning comes as a growing number of iPhone users are coming to the end of their initial contracts with carriers and are unlocking – jailbreaking – their iPhones to allow them to use other carriers' SIM cards and third-party apps on their mobiles.

It's against this backdrop that Fortify is advising companies to tread carefully with corporate use of the Apple smart phone, owing to the multi-tasking aspects of the updated operating system.

Richard Kirk, European director with the application security specialist, says that the move to multi-tasking on the iPhone opens up all sorts of hacker and mischievous possibilities on the Apple handset, as users can be interacting with an app in the foreground, whilst the iPhone does all sorts of things in the background.

"The addition of multi-tasking for the iPhone is clearly a major step forward for the Apple handset, and we fully expect to see the arrival of a number of corporate apps as a result in the coming months", he said.

"This is excellent news for business usage of the Apple smart phone, but company software teams should be aware of the need to carry out software security tests on all apps – regardless of source – before they are deployed, as they may turn out to harbour hidden problems in the programme code", he added.

According to Kirk, the potential for such malware can clearly be seen with a new Windows Mobile game called '3D Anti-terrorist action', which reportedly dials expensive international phone calls in the background, whilst the user plays the game on their smartphone.

This, he says, is a clever use of the fact that some international call destinations offer shared revenue to third parties, in much the same way that UK premium rate numbers offer call revenue to companies.

The Terdial trojan – which Graham Cluley of Sophos reported on last week – is one of the first to take fraudulent advantage of the multi-tasking aspects of the Windows Mobile platform, and Fortify fully expects to see other trojans plus malware used in future iPhone apps.

And, Kirk says, given the interest in the iPhone's new tablet cousin, the iPad, he also expects to see similar malware arriving on the new iPad, as its popularity continues to grow, and multi-tasking arrives on the computer.

It's against this backdrop that Fortify says that companies planning to roll out third-party apps for use by staff, in any shape or form, should carefully check the source code of the app for any hidden problems.

This is especially important, he explained, as a growing number of iPhone users are unlocking their handsets from their cellular carrier and the Apple iTunes store, to allow them to run third-party sourced software, which is not checked by Apple Computer for its provenance.

"It's important, therefore, for companies to implement software security testing to identify and remove any potential vulnerabilities from existing applications, as opposed to simply trying to block attacks on applications", he said.

"And IT staff also need to understand the need to test not only the app code that is developed in house, but code that is acquired from vendors, outsourcers and open source. The iPhone clearly has new and significant potential with the latest operating system update, but companies need to carry out their own security tests before embracing the obvious benefits of the handset", he added.
