Australia’s questions over iPhone security: justified?
John Lawler, the CEO of the Australian Crime Commission, has spoken about the serious threat of online crime in today’s highly tech-savvy world, something that extends all the way to the iPhone.
At the International Serious and Organised Crime 2010 event, the Australian Crime Commission’s (ACC) CEO, John Lawler, gave an excellent address on the topic of cyber security in today’s world and the many and varied threats affecting us all that are all too real. The entire talk called “The Fifth Estate: Organised Crime Goes Virtual” is available to read at the ACC’s website and makes for fascinating and sobering reading, delving into the deeply reaching tendrils of cloud computing which unify all kinds of information, the threat from mobile devices, new ways to police online crime, the sophistication of malware, the underground economy and much more. In the course of the address, Mr Lawler talked about threats from the mobile world, noting a Sydney Morning Herald article which “reported on the massive uptake of the iPhone particularly in the business market where it is the third most used system in the world and is being deployed or piloted by more than 70 per cent of Fortune 100 companies”, and followed this up by saying “Yet IT managers are swimming against the phone’s tide of popularity because they can’t centralise installation and security updates as with other software.” It’s true that phones such as the BlackBerry and those running Windows Mobile 6.5 have been much easier for IT admins to administer, but it has to be said that Apple has been dramatically improving enterprise support and interoperability with each version and must continue doing so to remain competitive and secure in a business environment. Mr Lawler continues: “This overwhelming desire for instant services at the expense of security safeguards is something I’ll return to in a moment. “But aside from the potential to facilitate traditional crimes using these devices, for example, by spreading spam, there is a growing criminal movement targeting such devices directly. “In May this year Italian customs agents broke up a phony iPhone ring selling fake Chinese-made iPhones having correctly predicted that organised crime groups would invest in such activities as a less risky way than drug trafficking to reap big revenues. “In August this year, London police arrested nine people and seized one thousand iPhones as they uncovered a criminal network that was using premium phone lines to launder profits and hide identities.” Continued on page two, please read on!
Mr Lawler makes a comment on the iMob game and what might be inspiring the game and who might be behind it. He then says: “So with the explosive uptake of personal communication devices, there are certainly already opportunities that appeal to organised criminals. “The future will undoubtedly bring even more opportunities, particularly as the buzzword is convergence and strategists predict that so much of our information, entertainment and even our body data, our emotions and senses could be streamed through one, individual and embedded device. “What will organised crime make of that?” There’s much, much more to John Lawler’s article, and it’s definitely worth reading. However it must be said that iPhone security should be much stronger than that of most competing devices. Unless an unpatched vulnerability is discovered and withheld so it can be used en masse against anyone online criminals want to target, as was possible with the iPad OS 3.2.1 and iPhone OS 4.0.x versions through a PDF vulnerability that could be exploited from a web page, unmodified iPhones only run software available from the Apple store, and not unknown third party sources. Unknown and unpatched vulnerabilities are popping up all the time in software, fixed through updates, so the chance that online criminals are finding these and exploiting them before they are patched is not only very high, it already happens – zero day threats are real, after all. There could be DNS cache poisoning to capture some information from iPhones connected to rogue Wi-Fi hotspots, but then any device could be vulnerable to such an attack, especially if VPN software isn’t being used on such a connection. After all, if a thief wants to break into your house, most fancy door locks won’t stand up to being ramraided with a 4WD car, even if they will stop a boot. But we can all still do things to have as much security as possible, such as not jailbreaking your iDevice, being aware of phishing and other social engineering tricks and running the latest Internet security software on platforms that need it. Jailbroken iPhones have been vulnerable in the past when default passwords weren’t changed, and there could easily be malicious unauthorised iPhone software out there targeting jailbroken devices, but these are not the majority of devices that are used in an unmodified fashion. So… online security is something that has not only become extremely important, but a vastly profitable battlefield for online criminals, and one that countries around the world are having to take extremely seriously. It’s not your phone, but every aspect of your digital life that you have to think of, because it’s not just governments and corporations that want to track you, but online criminals too, who can do a much better job of ripping you off and screwing around with your life than the various governments and corporations in our lives already do!
View full post on All Stories