Taking iPhone Security Seriously

By Don Reisinger  |  Posted 2009-11-09

10 Things the iPhone Worm Teaches Us About Mobile Security

A new worm has affected some Australian iPhones. The worm gains root access to a user's jailbroken phone and installs an image of Rick Astley (of Rickrolling fame) as the default wallpaper. Security company Sophos said removing the Ikee worm is extremely difficult, but it doesn't appear to do much more than annoy the user who owns the affected device. It should also be noted that so far the worm has only impacted folks in Australia.

But the iPhone worm says quite a bit about the nature of mobile security. It also teaches some valuable lessons to those who might believe that mobile phones are secure. Reality dictates that no one is absolutely secure at any point. And although Apple does its best to safeguard the security of its users, not even the iPhone, jailbroken or not, can keep them entirely safe.

That's precisely why this small outbreak can teach any mobile phone user a lot about mobile security and what kinds of dangers exist.

1. One point against jailbreaking

Once Apple responds to the news about this worm, you can bet that the company will make it abundantly clear that those who jailbreak their phones are putting themselves at unnecessary risk. That's partly true. An iPhone that hasn't been jailbroken by its user has all the security features in place, potentially decreasing the chances of malicious hackers gaining access. Jailbreaking might not be the best move.

2. Trust is a problem

Too often, users open files from others without considering the ramifications. Whether an e-mail comes from a trusted source or from someone a user doesn't know, caution must always be used when opening attachments. Does that attachment relate to a prior discussion? Is it coming from a trusted source? Answering those questions (and others) is important before opening an attachment.

3. False sense of security

Unfortunately, too many people believe that because they're using an iPhone and not a Windows PC, they are more likely to be secure. That's not necessarily true. Although Apple has done a fine job of securing the iPhone and few issues ever arise, that's far from an absolute guarantee. Users who feel that they can do anything without worrying about the consequences could put themselves in danger.

4. Mobile breaches are still bad

When users considers the potential security issues that could arise on a mobile phone, some believe that the result won't be bad even if malware manages to latch on to the device. After all, they reason, all the really sensitive information is on a PC. Think again. If a user has his or her work e-mail account tied to an iPhone, any and all messages will be sent to that device. If malicious hackers find their way into the software, it won't take long for them to access that sensitive data.

Taking iPhone Security Seriously

5. The iPhone is a PC

Users don't often consider the iPhone to be more than a mobile phone. But as the device becomes more sophisticated, they should assume that it is. It might not require security software (yet), but like a computer, there are numerous ways for malicious hackers to find their way into an iPhone, steal data and run amuck. If users are careful with their PCs, back up iPhone data and ensure that they visit safe sites, they will have a better chance of staying safe.

6. Bad guys are watching

As more iPhones are sold, more malicious hackers will want to exploit users. They know that owners aren't necessarily thinking about security first. They know that the iPhone has been relatively untested, giving users a false sense of security. And they also know that many iPhones contain a lot of valuable information. As the Ikee exploit has shown, some folks want to make their way into the iPhone.

7. The Ikee worm is a warning

It might be easy for some to cast Ikee aside as a harmless prank, but that probably isn't the best idea. Ikee has proven that there is a way into the iPhone, or at least into jailbroken iPhones. And it also proves that the more users believe that there isn't anything to worry about, the more they really will need to worry. Ikee might be the first of many attempted exploits. We need to be ready.

8. Targeting the iPhone

Although it might sound obvious, Ikee has also proven that the iPhone is a target. The BlackBerry wasn't targeted. Android-based devices weren't targeted. It was the iPhone that the hackers went after. If nothing else, that should make users wary.

9. It's not just an international problem

Some iPhone users might think that Ikee is only a threat to Australian users. But those living in the United States and Canada are absolutely at risk. So far, at least, there haven't been any major outbreaks here to make users think otherwise. But rest assured that there will be worms making their way to North America. It's only a matter of time.

10. Nothing is totally secure

If nothing else, Ikee has proven that no matter the platform or operating system, no tech product is absolutely secure. Because of that, it's incumbent upon us all to remember that when it comes to mobile security, PC security or anything else, we're never totally safe. Therefore, we need to engage in practices that it will maximize our security potential. It's important. Especially as the iPhone enters the cross hairs.

Rocket Fuel