Editor’s note: John Prisco is president and CEO of Triumfant.
The researchers at Lacoon Mobile Security identified the malicious software Xsser, capable of stealing text messages, photos, call logs, passwords and other data from iPhones and iPads. The discovery garnered international attention and rightfully so, as it is believed to be a product of the Chinese government targeted at pro-democracy protesters in Hong Kong.
This is not the first time the government has been accused of attempts to steal or spread misinformation, and it certainly won’t be the last. But political discourse aside, there are wide-reaching technological implications here that are a little closer to home and it’s Apple that needs to listen.
Xsser is an example of what’s coming in terms of mobile malware. The whole concept of BYOD will turn into an unmitigated disaster unless mobile operating systems are protected. With Apple, you just don’t have enough access to apply that level of protection. I am calling for Apple to cooperate and collaborate with the security industry to help us protect ourselves in this next wave of cyber-attacks.
Apple had good intentions. It kept everything close to the vest, with a closed off development community and rigorous control over applications. Apple has been brilliant at maintaining the purity of the brand and until relatively recently, that has been enough to provide additional protections against malicious attacks. But the genie is out of the iBottle.
Google, on the other hand, does allow this level of collaboration. With Android, security professionals can conduct analysis where it matters – with operating system-level interrogation and anomaly detection. With the Apple iOS, you can’t do that. You’re blocked off. What is then forced is an approach that requires only looking at the app with the AppWrapper. There is no way to develop a guardian for the operating system, so you will never be protected.
Hackers are a reality. Malware is inevitable, state-sponsored or not. How can there be any level of acceptable and secure BYOD if the world’s largest smart device manufacturer won’t let security professionals protect its users? Xsser is one example of what can go wrong and it will not be the last and not even close to the worst.
We’ve all realized Apple is no longer infallible; now it’s time for Apple to realize it for itself. It’s time for Apple to open its eyes and its iOS.