Security Market Segment LS
Sunday, 24 October 2010 16:37

Australia's questions over iPhone security: justified?

By

John Lawler, the CEO of the Australian Crime Commission, has spoken about the serious threat of online crime in today's highly tech-savvy world, something that extends all the way to the iPhone.

At the International Serious and Organised Crime 2010 event, the Australian Crime Commission's (ACC) CEO, John Lawler, gave an excellent address on the topic of cyber security in today's world and the many and varied threats affecting us all that are all too real.

The entire talk called "The Fifth Estate: Organised Crime Goes Virtual" is available to read at the ACC's website and makes for fascinating and sobering reading, delving into the deeply reaching tendrils of cloud computing which unify all kinds of information, the threat from mobile devices, new ways to police online crime, the sophistication of malware, the underground economy and much more.

In the course of the address, Mr Lawler talked about threats from the mobile world, noting a Sydney Morning Herald article which 'reported on the massive uptake of the iPhone particularly in the business market where it is the third most used system in the world and is being deployed or piloted by more than 70 per cent of Fortune 100 companies', and followed this up by saying 'Yet IT managers are swimming against the phone's tide of popularity because they can't centralise installation and security updates as with other software.'

It's true that phones such as the BlackBerry and those running Windows Mobile 6.5 have been much easier for IT admins to administer, but it has to be said that Apple has been dramatically improving enterprise support and interoperability with each version and must continue doing so to remain competitive and secure in a business environment.

Mr Lawler continues: 'This overwhelming desire for instant services at the expense of security safeguards is something I'll return to in a moment.

'But aside from the potential to facilitate traditional crimes using these devices, for example, by spreading spam, there is a growing criminal movement targeting such devices directly.

'In May this year Italian customs agents broke up a phony iPhone ring selling fake Chinese-made iPhones having correctly predicted that organised crime groups would invest in such activities as a less risky way than drug trafficking to reap big revenues.

'In August this year, London police arrested nine people and seized one thousand iPhones as they uncovered a criminal network that was using premium phone lines to launder profits and hide identities.'

Continued on page two, please read on!


Mr Lawler makes a comment on the iMob game and what might be inspiring the game and who might be behind it.

He then says: 'So with the explosive uptake of personal communication devices, there are certainly already opportunities that appeal to organised criminals.

'The future will undoubtedly bring even more opportunities, particularly as the buzzword is convergence and strategists predict that so much of our information, entertainment and even our body data, our emotions and senses could be streamed through one, individual and embedded device.

'What will organised crime make of that?'

There's much, much more to John Lawler's article, and it's definitely worth reading.

However it must be said that iPhone security should be much stronger than that of most competing devices.

Unless an unpatched vulnerability is discovered and withheld so it can be used en masse against anyone online criminals want to target, as was possible with the iPad OS 3.2.1 and iPhone OS 4.0.x versions through a PDF vulnerability that could be exploited from a web page, unmodified iPhones only run software available from the Apple store, and not unknown third party sources.

Unknown and unpatched vulnerabilities are popping up all the time in software, fixed through updates, so the chance that online criminals are finding these and exploiting them before they are patched is not only very high, it already happens - zero day threats are real, after all.

There could be DNS cache poisoning to capture some information from iPhones connected to rogue Wi-Fi hotspots, but then any device could be vulnerable to such an attack, especially if VPN software isn't being used on such a connection.

After all, if a thief wants to break into your house, most fancy door locks won't stand up to being ramraided with a 4WD car, even if they will stop a boot. But we can all still do things to have as much security as possible, such as not jailbreaking your iDevice, being aware of phishing and other social engineering tricks and running the latest Internet security software on platforms that need it. 

Jailbroken iPhones have been vulnerable in the past when default passwords weren't changed, and there could easily be malicious unauthorised iPhone software out there targeting jailbroken devices, but these are not the majority of devices that are used in an unmodified fashion.

So'¦ online security is something that has not only become extremely important, but a vastly profitable battlefield for online criminals, and one that countries around the world are having to take extremely seriously.

It's not your phone, but every aspect of your digital life that you have to think of, because it's not just governments and corporations that want to track you, but online criminals too, who can do a much better job of ripping you off and screwing around with your life than the various governments and corporations in our lives already do!

 


Subscribe to ITWIRE UPDATE Newsletter here

Now’s the Time for 400G Migration

The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.

Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.

Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.

The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.

With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?

PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.

CLICK HERE!

WEBINAR PROMOTION ON ITWIRE: It's all about webinars

These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://www.itwire.com/itwire-update.html and Promotional News & Editorial.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

We have a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you.

MORE INFO HERE!

BACK TO HOME PAGE
Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments