Infected Apple
Is Apple’s walled garden showing signs of erosion, asks Matt Kapko
frequency in the future. In other words, cracks are starting to appear in the walls that surround (and protect) Apple’s ecosystem.
Bill Anderson, chief products officer at mobile malware security firm Optio Labs, is surprised that more instances of malware running on Apple devices haven’t come to light, because there are no technical differences between iOS and other mobile platforms that would make it less vulnerable to attacks. “They’re not doing anything radically different from anyone else in the industry. They may be doing it slightly better. They may have also just gotten luckier for a longer period of time,” he says.
Anderson adds that the most worrisome thing about the Xcode exploit is how the relatively simple malware sailed through Apple’s app review process undetected. “Why didn’t the Apple tools trigger to this? If they didn’t, what else are they not triggering to, and why not?”
XcodeGhost: the ‘largest App Store breach in history’
Apple’s customers take comfort in the preconceived notion that iOS devices aren’t susceptible to malware, because the company checks every app carefully before it is approved for public availability via the App Store. Despite the latest high-profile security incident, the firm will maintain that perception, according to Anderson. “There could be additional Apple exploits over the coming year, and we could start getting annoyed by them, but I think [iOS] is going to hold onto that perception of being [more secure] than Android for the foreseeable future,” he argues.
Thomas Reed, a Mac security expert and director of software maker Malwarebytes, calls the XcodeGhost attack “easily the largest App Store breach in history” and says that the incident “will erode consumer confidence in the App Store as a (mostly) unassailable malware-free fortress.”
Apple’s review process, paired with its goal of absolute control over the App Store, reinforces the perception that its devices are more secure. When that system fails, trusting users become victims, and over time confidence and blind faith will be called into question. “Perfectly respectable, legitimate apps turned out to be infected,” Reed writes in a related blog post. “It’s hard for any user to be on guard against this kind of malware. Especially on iOS, where security features in the system make anti-malware software impossible.”
In many ways, the tech giant is a victim of its own success. “Apple’s security strategy is so well-engineered that its biggest danger may be the false sense of security it gives developers and the massive number of iPhone users,” says John Gunn, vice president of communications at Vasco Data Security. The specific long-term effects of the XcodeGhost malware attack are unknown, but because no serious or particularly