iPhones most 'vulnerable' among smartphones

Summary: Cybercriminals are more motivated to find loopholes in iOS due to the popularity of Apple smartphones and the strictly controlled app store, which does not easily allow the publishing of malicious apps to infect users, according to a SourceFire exec.

More software vulnerabilities exist in iOS compared to the other operating systems, and a SourceFire executive said this is due to the iPhone's popularity, and Apple's strictly controlled app store which drives cybercriminals to find vulnerabilities in the operating system instead.

According to SourceFire's "25 Years of Vulnerabilities" study released in early March, which analyzed vulnerabilities from the Common Vulnerabilities and Exposures (CVE) data and National Vulnerability Database (NVD), the majority of mobile phone vulnerabilities have been found in Apple's iPhone. The database provides 25 years of information on vulnerabilities to assess, spanning from 1988.

210 vulnerabilities were found in Apple's smartphone, giving iOS 81 percent of the mobile phone vulnerability market share. This is more than the total number of vulnerabilities in Android-based, Windows-based and BlackBerry-based smartphones combined, at 19 percent.

iPhone takes the mobile phone vulnerability market share over the past 25 years (Source: SourceFire)

In an interview with ZDNet Asia, Yves Younan, senior research engineer at SourceFire's Vulnerabilities Research Team and author of the report, pointed out the finding was "surprising". It was also "interesting" as Apple has had significant CVE growth year over year, despite the operating system implementing more security features in subsequent iterations, he added.

Even though Android devices have topped the mobile phone operating system market share, iPhones are still popular among consumers, which is why cybercriminals are driven to find loopholes in Apple's operating system, Younan explained.

With Android devices, cybercriminals see less reason to look for vulnerabilities to penetrate smartphones, he added. Android's open platform already makes it easy for third-party and malicious apps to be created for users to download, he explained.

On the other hand, this cannot be done with the iOS store due to Apple's strict control of apps that are published. This is why cybercriminals are driven to find loopholes in the software system of Apple instead, he added.

As for Windows, the low number of vulnerabilities could be due to the fact it is not a popular operating system yet, Younan pointed out, but declined to comment on vulnerabilities in the BlackBerry operating system.

Enterprises must prepare for, tackle vulnerabilities

The report also found that the overall number of vulnerabilities with a high severity rating increased significantly until 2007, when it reached a high of 3,159. Since then, it tapered off and fell to 1,760, despite more vulnerabilities being discovered in 2012.

What the study shows is vulnerabilities are here to stay, Younan noted.

Moving forward, enterprises must look at how to deal with them and reduce the chance of a cyberattacker exploiting a vulnerability by installing mitigations on operating systems or using security products, he said.

"[Enterprises] should also plan for potential compromises including how they will rebuild and ensure the integrity of the data," Younan added.

Topics: Security, Apps, iPhone, Operating Systems

About

Elly grew up on the adrenaline of crime fiction and it spurred her interest in cybercrime, privacy and the terror on the dark side of IT. At ZDNet Asia, she has made it her mission to warn readers of upcoming security threats, while also covering other tech issues.
