To great fanfare, 2008 saw the launch of the 3G version of the Apple iPhone, and the first phone to use the Google Android mobile operating system.
Apple iPhone
There is no disputing that the 3G version of the iPhone is more attractive to business and internet users than its predecessor owing to its superior connectivity and cheaper price point. In its most recent set of financial results, Apple reported that its iPhone was outselling RIM’s popular Blackberry device [41].
Apple’s increased market share, however, may in turn herald more concerted attempts by criminals to take advantage of their devices in future.
Although simple malware has already been seen, the iPhone has not yet been the target of a significant attack. However, security flaws have been found in Apple’s mobile email application and its Safari web browser, and the company has been criticized for not patching these flaws at the same time as its other computers running Mac OS X.
iPhone users should also be aware that they may be more vulnerable to phishing attacks than their desktop counterparts because:
- They have to enter URLs via the touch-sensitive screen, and may be more willing to just click on email links.
- The iPhone version of Safari does not display URLs that are embedded in emails before they are clicked on. It is therefore harder for users to tell if the link leads, for example, to a bogus banking website.
- The iPhone’s browser only displays partial URLs in its address bar, making it far easier for cybercriminals to fool users into believing they are on a legitimate website.
At the time of writing the only mobile phone on the market that uses the Google Android operating system is the T-Mobile G1, giving hackers their first real look at its operating system. Although early reviews have typically concentrated on its cosmetic differences to the Apple iPhone (such as a slide-out keyboard and less flexible touch screen), a security vulnerability in the G1’s web browser was rapidly discovered [42].
Concerns have also been raised that Google’s “open” attitude to applications may mean malicious programs can be distributed amongst its phone’s users far more easily.
Sophos believes that early examples of malware for these operating systems are likely to be written by enthusiasts with a desire to make headlines, rather than financially motivated criminals. However, as millions more people purchase them, creating mobile phone threats will become increasingly attractive for the criminally minded. One example could be the creation of a generic Mac OS X attack, which could threaten the common features and technology of the Mac computer and iPhone [43].
Similarly, it would not be a surprise to see experimental attacks against Google Android users.
Such attacks are likely to rely upon social engineering – rather than software vulnerabilities – to fool users into running dangerous code. As such, mobile phone owners who are in the habit of adding third-party applications without caution will be increasing their chances of infecting their device.
Sophos.com
