Original URL: http://www.reghardware.co.uk/2007/01/16/iphone_malware/
Apple's iPhone is unlikely to become a gateway device for mobile malware, Symantec says. The handset will run an operating system based on Mac OS X, thus opening the possibility that the small number of viruse targeting the platform might be re-purposed to infect iPhone.
However, Concerns about possible mobile infestation of iPhones are "premature" at worst according to Eric Chien, an anti-virus researcher at Symantec.
For one thing the iPhone will be locked down so that consumers will be able to install only selected third party applications. While not dismissing the possibility that iPhone-specific malware could be created, Chien reckons it won't reach the levels currently seen with smart phones running Symbian OS. Nonetheless, vulnerabilities in Mac OS X could create future problems, he warns.
"The likely vectors of infection will be via any vulnerabilities on the device that allow code to execute. Unfortunately, just a single malware writer taking advantage of a single vulnerability could cause havoc, but for the most part such attacks will be limited," he writes.
"If the iPhone remains a closed device with not even Java applications or widgets let alone native code, the risk of infection becomes orders of magnitude lower."
Even though the iPhone is "locked down", interest in the technology is likely to spur the creation of home-brew hacks. The motives of these users is simply to run their own code on the phone, but the techniques pioneered by tech enthusiasts might be re-purposed for more malign purposes.
"Once they install and execute unknown code on their device, there is always a chance of executing malicious code. This scenario happened in the past with the Sony PSP and PSPBrick Trojan," Chien notes.
A mono-culture of devices running the same OS, knowledge among hackers about how software on the device works have been factors driving the creation of numerous items of malware on Windows PCs and the reason why mobile malware, despite considerable hype from some quarters, has been mercifully rare. Chien concludes that this is unlikely to change much with the arrival of iPhones later this year.
His analysis is published on Symantec's security blog here (http://www.symantec.com/enterprise/security_response/weblog/2007/01/malware_for_the_apple_iphone.html). ®
Malware authors target Mac emerging markets (25 January 2008)
http://www.theregister.co.uk/2008/01/25/mac_malware_menace/
Mac lambs line up for slaughter (16 January 2008)
http://www.theregister.co.uk/2008/01/16/mac_malware_concern/
'First' iPhone Trojan rolls into town (7 January 2008)
http://www.theregister.co.uk/2008/01/07/iphone_trojan/
Experts cast runes on Google phone security (15 November 2007)
http://www.theregister.co.uk/2007/11/15/google_android_security/
Macs seized by porn Trojan (31 October 2007)
http://www.reghardware.co.uk/2007/10/31/in_the_wild_osx_trojan/
Jesus Phone needs an exorcist (24 July 2007)
http://www.theregister.co.uk/2007/07/24/iphone_security_vulnerability/
'Mac worm' hacker in death threat farce (19 July 2007)
http://www.theregister.co.uk/2007/07/19/mac_worm_farce/
iPhone becomes phisherman's friend (17 July 2007)
http://www.theregister.co.uk/2007/07/17/iphone_phishing_risk/
Malware scammers target iPhone (3 July 2007)
http://www.theregister.co.uk/2007/07/03/iphone_scams/
Jobs waves iPhone, talks applications (31 May 2007)
http://www.theregister.co.uk/2007/05/31/jobs_waves_iphone/
My RFID-embedded car numberplate has a virus (11 April 2007)
http://www.theregister.co.uk/2007/04/11/cybercrime_trends_mcafee/
Apple megapatch fixes multiple flaws (14 March 2007)
http://www.theregister.co.uk/2007/03/14/apple_megapatch/
Carphone Warehouse courts iPhone (26 January 2007)
http://www.theregister.co.uk/2007/01/26/carphone_warehouse_iphone/
Apple safe from Citrix's legal hounds (24 January 2007)
http://www.theregister.co.uk/2007/01/24/nortel_apple_iphone/
Apple iPhone costs $246-$281 to make, analyst claims (19 January 2007)
http://www.reghardware.co.uk/2007/01/19/iphone_bom_forecast/
LG, Prada parade iPhone-like KE850 (18 January 2007)
http://www.reghardware.co.uk/2007/01/18/lg_shows_iphone-like_prada_phone/
Apple's alleged 802.11n enabler fee: blame Enron etc. (17 January 2007)
http://www.reghardware.co.uk/2007/01/17/apple_80211n_wifi_fee_update/
Apple attacks iPhone UI emulators (16 January 2007)
http://www.reghardware.co.uk/2007/01/16/apple_sets_lawyers_ipone_emulators/
iPhone locked down, Apple confirms (12 January 2007)
http://www.theregister.co.uk/2007/01/12/apple_lockdown_iphone/
101 uses for a dead iPhone (11 January 2007)
http://www.theregister.co.uk/2007/01/11/top_iphone_tips/
The iPhone: a Naomi Campbell of a product (10 January 2007)
http://www.reghardware.co.uk/2007/01/10/iphone_will_fail_again/
McAfee warns over Apple virus risk (9 May 2006)
http://www.theregister.co.uk/2006/05/09/mcafee_mac_security_risk/
Triple threat to Mac OS X largely academic (27 February 2006)
http://www.theregister.co.uk/2006/02/27/apple_security_threats_a_reality/
Malware turns PSP into expensive brick (7 October 2005)
http://www.theregister.co.uk/2005/10/07/psp_trojan/
Firefox and Mac security sanctuaries 'under attack' (19 September 2005)
http://www.theregister.co.uk/2005/09/19/symantec_threat_report/
Apple patch fiasco invites trouble (19 August 2005)
http://www.theregister.co.uk/2005/08/19/apple_patches/