Google and Apple harnessed the power of the cloud the benefits of working in the cloud with Chrome OS and iCloud, but according to a Kaspersky researcher, there are security issues with both platforms.
However, there are significant design flaws in both Google’s Chrome OS and Apple’s iCloud service that may make them unsuitable for business use, Roel Schouwenberg, a senior antivirus researcher at Kaspersky Labs, said March 1 in a talk at the RSA 2012 Conference in San Francisco.
From a security standpoint, Chrome OS was a solid platform, Schouwenberg said. Since there is no local storage, users are not vulnerable to malware that can be downloaded and executed on the computer.
On the other hand, users are still exposed to attacks that are launched by the apps running inside the Web browser.
Just as malicious apps can be found in the Android Market, there are malicious browser-based apps in the Chrome Marketplace, Schouwenberg said. At the moment, Chrome apps are less prevalent than mobile apps, but they are dangerous because there is no way to detect them as malicious. Chromebooks, computers with only the Chrome OS and Chrome Web browser installed, do not run any security software that could detect malicious software.
Kaspersky Labs identified a Chrome OS app that tried to steal Facebook credentials, he said.
Google recently launched the Bouncer service to scan and remove malicious apps from the Android market. The service also scans the Chrome Web Store, according to Forbes. Google also told Forbes that security companies can use extension APIs for Chrome OS to create security products for the platform.
Apple’s iOS and the associated iCloud online storage service both have issues with potential data leaks, Schouwenberg warned. Instead of using standard SMS protocols when processing messages, Apple is treating SMS as data, he said. Users can just switch the SMS card from one iPhone to another, but even after removing the SIM card, the other phone continued receiving SMS messages, Schouwenberg found. iOS devices also shared notes over iCloud even after turning note-sharing off.
“That is not good,” he said.
Apple also set up the iOS to be able to supercede user settings in order to connect to certain wireless hotspots. While it may be convenient, it isn’t secure, as the data could be sniffed from the device if connected to an unsecured access point, Schouwenberg said.