Apple iPhone passes security muster

Safe for now, but uncertain future

Shaun Nichols in California, vnunet.com 11 Jul 2007

The hundreds of thousands of new iPhone owners should not lose any sleep over the security of the Apple smartphone in the near future, experts have said.

"While vulnerabilities may be found and zero-day exploits may be released, the chances of widespread infection are currently low," security researcher Eric Chien from Symantec wrote in a posting on a company blog.

The reduced risk stems from Apple's decision to keep development of third-party software limited to browser-based JavaScript and Ajax code.

This keeps users in a secure 'sandbox' environment that prevents malicious code from accessing other parts of the system.

Chien also cited the iPhone's automatic upgrade system, which allows for the speedy deployment of patches.

However, security experts at Trend Micro are not so sure about the iPhone's defences in the longer term.

Todd Thiemann, director of device security marketing, and David Perry, global director of education, told vnunet.com that, while the iPhone currently faces fewer threats than competing smartphones, the long-term outlook is much more hazy.

If Apple decides to open developer access to the iPhone in order to compete with other smartphones, new software components will be available for attackers to target, the Trend Micro researchers warned.

"The key factor is the degree to which you can install third-party apps," said Thiemann. "There is a smaller risk of anything bad happening, but the market dynamics are such that consumers are moving towards [open] smartphones."

Likewise, if the iPhone gains significant market share, it will come under a great deal more scrutiny from an increasingly for-profit malware development community.

"If the iPhone becomes the lead dog, research will get done," said Perry. " When you move from the caboose of the train to the locomotive, you find it is the locomotive that hits things."

See also: