The iPhone SDK, Hackers, and Malware

However this same attention may have unwittingly allowed others who might not have otherwise been capable of exploiting the iPhone to do so. There is a relevant saying that fits here (i’ll paraphrase it a bit): By the time one has achieved the skill necessary to complete a certain task, one generally has the wisdom to respect this new found ability enough to refrain from using it maliciously or recklessly. There are obviously exceptions to this idea, there are plenty of talented malware developers, many of whom may have been able to exploit the iPhone without any help at all. But there are also large numbers of people with less than friendly intentions who may have just had much of their work done for them. IT professionals sometimes refer to this class of attacker as a “script kiddie”, someone who may not have the technical skill to discover and exploit software bugs, but may be able to execute such an attack based on work already done by others.

Now I should be clear here, I do not believe in security through obscurity as a solid protection method, nor do I think Apple believes this is a good way to protect the iPhone. Increased scrutiny of the iPhone and discovery of new exploits is not a bad thing as long as Apple keeps up and patches the holes before a large window of opportunity opens up for malware writers. This is a sound strategy that has worked quite well for Linux and other open source software. However the current focus on the iPhone has without a doubt raised the bar for Apple in terms of security. There will certainly be malicious software written to target the iPhone, but the overall risk will depend on how carefully Apple controls the situation.

No software will ever be free of bugs, and there is no such thing as 100% secure code. However, because no 3rd party applications have been released yet for the iPhone, Apple may have a chance to roll back time in a way. Apple can alter the way the iPhone works to make it more secure as much as they desire right now without breaking applications, something that cannot be done on an existing platform such as Windows. If needed this may be able to counteract a certain amount of the advances malware writers have already made so far.

One thing is clear, even with the release of the SDK, Apple is retaining a significant amount of control over the way the iPhone (And also the iPod Touch) run 3rd party applications. Applications will be distributed through iTunes only, and developers will submit their applications as source code to Apple to ensure that nothing malicious slips by onto users phones. This is in sharp contrast to a platform such as Windows where the system itself is completely open to any and all code, users can be tricked into running software they would not otherwise approve of through social engineering, and malicious software can easily install itself secretly without the user ever knowing about it. Apple certainly has the upper hand at the moment but it remains to be seen how determined malware writers are to exploit the large user base the iPhone will continue to have in the future.

Share this post: Share this article on Facebook Share this Article on Twitter Add this Article to Stumbleupon Add this Article to Add this Article to Digg Add this Article to Reddit Add this Article to Newsvine
This entry was posted in 3rd Party Software, Apple Software, Articles and tagged , , , , , , , , . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.
  • blueskyrocket

    And lets hope Apple keeps the iPhone secure. I, for one don’t want a compromised iPhone

  • steve

    As pointed out to us by a reader, this article originally was worded unclearly so it has been corrected.

  • Richard

    You said: And lets hope Apple keeps the iPhone secure. I, for one donโ€™t want a compromised iPhone

    I say: don’t install any 3rd party applications, and you will be secure. If you install anything else, pay attention. ๐Ÿ™‚