10 million iPhones = An ideal platform for malware

10 million iPhones = An ideal platform for malware

Summary: Assuming that Steve Jobs is right and that Apple can shift 10 million iPhones by the end of 2008, that could mean a big juicy target for cyber criminals and malware writers.

SHARE:

Let's make a few assumptions. First off, let's assume that Steve Jobs is bang on right and the iPhone will be a massive success. Let's assume that it will be the biggest thing since the iPod. Let's also assume that Steve's right when he says that Apple can shift 10 million iPhones over a year and capture 1% of the cellphone market. If everything works as Steve Jobs iPhonesees it playing out, then he'll be responsible for having created one juicy platform for malware writers.

OS X doesn't dominate any market it's in, but the iPhone might, and that will be the key difference when it comes to malwareHave you ever wondered why you don't regularly come into contact with malware when using your cellphone? One of the main reasons is that no single cellphone has managed to gain enough of a market share to become a large enough platform for malware to leverage. The current cellphone market is diverse and fragmented across a multitude of platforms. Even if you confine yourself to looking at a single specific platform, you'll come across totally incompatible sub-platforms. The fact is that it's tough enough to write legitimate mobile applications using something like J2ME (Java2 Micro Edition) that'll work smoothly across a small number of phones. The combination of an abundant lack of standards and the number of companies competing aggressively means that no single platform has managed to capture enough users to create a critical mass. If legitimate applications written by legitimate programmers find it difficult to work across platforms, what chance do the malware writers have of coming up with code that works over a enough phones to make their efforts worthwhile? It’s negligible at best. The current state of play offers security. Sure, it’s security through obscurity, but so far it’s served us well. As it stands now, owning a cellphone is relatively risk-free and doesn’t open a door to malware.

But Steve Jobs wants to change how things are. He is not happy with entering the cellphone market in a small, reserved way. He wants to enter the market with a bang and hopes that within 12 months Apple will be able to create a dominant platform where one didn't exist before. If things work according to plan, by the end of 2008 we'll see a mobile platform large enough to make it a worthwhile target for malware and cyber criminals. And don't think that this won't happen. A platform of 10 million users, all of whom will have spent $600 on a cellphone is a group well worth targeting.

Now Apple's counter to this is to put restrictions on the running of third-party code on the iPhone. A few weeks ago at D 2007 Steve Jobs told Walt Mossberg the reason why Apple placed restrictions on the iPhone’s capability to run third-party code:

This is an important tradeoff between security and openness. We want both. We're working through a way... we'll find a way to let 3rd parties write apps and still preserve security on the iPhone. But until we find that way we can't compromise the security of the phone.

I've used 3rd party apps... the more you add, the more your phone crashes. No one's perfect, and we'd sure like our phone not to crash once a day. If you can just be a little more patient with us I think everyone can get what they want.

Personal note: The part where Jobs says "I've used 3rd party apps... the more you add, the more your phone crashes" strikes me as peculiar. What third party apps? The iPhone's not even out yet but Jobs is blaming crashes on random applications. That statement more than any other gives me the impression that the cut-down version of OS X on the iPhone might be too cut down to run much beyond what is already bundled – and more than likely that been tweaked with so it will run on the iPhone.

Now while this might be ample security to prevent people with nothing better to do from tinkering with the iPhone and running their own code (and possibly causing the iPhone to crash, something that Steve Jobs is keen to avoid, and more seriously, causing disruption to the cellphone network), it's going to have to be watertight if it's going to keep hackers out. You can expect that hackers will be looking closely for any weakness and will hammer relentlessly at any that are discovered. Just because Apple has had a good security track record with OS X doesn't guarantee that the iPhone will be as lucky (OS X doesn't dominate any market it's in, but the iPhone might, and that will be the key difference when it comes to malware). In fact, given that they’re rushing iPhone out of the doors at Cupertino, the chances of coding blunders are high. It's certainly not a platform I'd like to integrate into a corporate or other critical environment until many of the bugs, especially security bugs, have been shaken out.

So, those who buy into the iPhone phenomenon could find themselves having bought into a platform that gives them more than they'd bargained for. Malware, security vulnerabilities and patches could become a way of life for the iPhone early adopter. Personally, I'm happier using a cellphone that isn't part of such a big ecosystem. I feel safer that way.

Thoughts?

Topics: Security, Apple, iPhone, Malware, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

61 comments
Log in or register to join the discussion
  • I?m happier using a cellphone that isn?t part of such a big ecosystem.

    I feel safer that way.

    But yet you still use Windows ??
    mrlinux
  • You know what they say about ASSumptions...

    Awful lot of guessing for a product that's not even released yet.
    BitTwiddler
  • Sigh

    1% is a big enough marketshare to attract virus writers now? Funny how I keep hearing there is no Mac malware because of Mac's pathetically small marketshare (6%). Yet for phones, apparently the rules are different? Please, if you're going to employ a canard, at least try to keep it consistent.

    By the way, how many tens of millions has the RAZR sold? Why no malware there, if it's as easy as that?
    tic swayback
  • If anything

    malware attacks on a product with only 1% penetration would disprove the idea that virus writers go after the largest platforms. Instead, it would prove that they go after the ones which are easiest to attack. Which is something I agree with, however I am not saying I think the iPhone will be attacked because I have no idea how secure it will be.
    Michael Kelly
  • [i]If you can just be a little more patient[/i]

    [i]with us I think everyone can get what they want.[/i]

    I'll be happy to be patient while this problem gets resolved, as long as Apple is patient while I wait until the problem is resolved before I consider buying the product.
    Michael Kelly
    • What problem?

      You have a journalist debuting unfounded prophecies, and you're going to make a purchasing decision on that?

      wow...
      BitTwiddler
      • Are you suggesting

        that Adrian misquoted Steve Jobs? Because I am responding to a direct quote, not the article itself.

        Now if Jobs was misquoted then fine, say so. It shouldn't be too hard to prove a misquote. But if he wasn't misquoted, then why is my comment so controversial?
        Michael Kelly
        • That Jobs may have been referring to other phones?

          Especially since Apple's phone isn't out yet, there are no third party apps yet, so obviously Jobs was referring to OTHER phones, quite probably.
          Spoon Jabber
    • What problem?

      The one where Adrian Kingsley-Hughes demonstrated his unending loyalty to Microsoft even if it means creating FUD and lies about MS's competitors?
      nomorems
    • Solve the problem first....?

      The phone isn't even out yet, the "problem" doesn't even exist. How does one solve an imaginary problem? I have an imaginary solution....<pffffft, pfffffffft, cough! Cough!, yeah.......that's better!> :)
      Spoon Jabber
  • Talk about a fud campaign?

    You are losing a few credibility points here Adrian, this is nothing but a fud piece to generate more hits. But I do see you laughing as you type because surely you can't take this serious.
    dave95.
  • What third party apps?

    For more on 3rd party apps crashing phones and networks, try the comments on this Slashdot thread:
    http://apple.slashdot.org/apple/07/06/05/1936213.shtml

    And a good article on Apple's likely approach to letting developers code for the iPhone:
    http://arstechnica.com/staff/fatbits.ars/2007/06/04/the-frontier
    tic swayback
  • What a crapy statement

    I guess we have our new George Ou when it comes to bash Apple with completely stupid statements. I mean it has to be bashing, what else can it be when such non-sense is written?

    I mean, do you have just a single proof that a popular cellphone today is infected by malwares? I don't think so!!!! And even your all speech does not make any sense. You speake of 10 millions iphone could be enough to attract malwares and in the same time you seem to say that OS X does not dominate any market its in (well typical troll argument, what about the science market, the 2D, 3D, video, music creation market, the education market..... ), but do you realize that there are well above 10 millions machines running OS X today, and so how it comes that those machines are malware free? Did you even think about that, well looking at your photo i am guessing that you are not a genius, but come on, even you could have put some little thoughts before to write something, haven't you?

    Given that the iphone runs OS X (which does not have the awful record of malwares windows has) how you expect that malwares will hit the iphone?

    Let me tell to you something, you are just bitching, this is BS.

    You don't have either the technical knowledge to say that whether of not the iphone would have malwares nor any kind of proof or market sign that allows to say that.

    Why don't you go and play with George Ou and stop spreading your fud on the net...

    I really wonder why zdnet has so poor bloggers writting for it, they are just obvious trolls, this is just crapy content....
    Hakime
  • I think Steve's referring to current cell phones, not the iPhone.

    "Personal note: The part where Jobs says ?I?ve used 3rd party apps? the more you add, the more your phone crashes? strikes me as peculiar. What third party apps? The iPhone?s not even out yet but Jobs is blaming crashes on random applications. That statement more than any other gives me the impression that the cut-down version of OS X on the iPhone might be too cut down to run much beyond what is already bundled ? and more than likely that been tweaked with so it will run on the iPhone."
    ye
    • Something else to think about

      The iPhone uses a completely new interface. No scroll bars, no mouse, none of the normal navigation elements most programmers are used to incorporating. So that means an entirely new set of guidelines to follow. Which need to be both determined, then documented. So one can understand Apple's initial reluctance to allowing 3rd parties to immediately jump into programming for the phone (not to discount the business reasons for keeping it closed, which under further scrutiny have hopefully been abandoned).
      tic swayback
  • Is 10 Million enough

    10 Million doesn't seem like many cell phones to me. In fact that seems really small to me considering how many cell phones you see out there on a daily basis. It looks to me like 1 in 2 people seem to have a cell phone these days, even kids. So you take the US alone with its 300 + million population and 10 million I-phones seems like hardly a dent as far a platform domination stands.

    So would 10 million be enough? I don't think so.
    voska
  • Nokia alone sold 92 Million in JUST the 1st quarter of 07

    The worldwide market for cell phones is expected to hit
    about 1 Billion this year. last year it was about 700
    Million.

    12 Million doesn't sound like much of a market share,
    does it?
    j.m.galvin
    • re: Nokia alone sold 92 Million in JUST the 1st quarter of 07

      jm:

      And how many of those 92 million phones were smartphones that can run 3rd party applications?

      Probably less than 1%...

      Do the math.
      M.R. Kennedy
  • Nokia sold 645 Million phones...

    last year. How many "sub-platforms" do they use? Unless they use 60 different
    ones, they still have more than 10 million phones with the same "sub-platform."

    Where is all of the Nokia malware?

    The software (firmware, I guess, actually) on my Motorola seems to be identical
    with my daughter's LG. Between them, Motorola and LG sold nearly 80 million
    phones [i]in the last quarter of 2006 alone[/i].

    Where's the malware for Motorola's and LG's?

    Anyway, setting aside the fact that your 'analysis' is, well, asinine, let's look at the
    rest of your screed:

    "[i][Steve Jobs]... is not happy with entering the cellphone market in a small,
    reserved way. He wants to enter the market with a bang and hopes that within 12
    months Apple will be able to create a dominant platform where one didn?t exist
    before.[/i]"

    The stated goal is 1% of the market in 18 months, which translates to about 10
    million handsets. Hardly a dominant position. Perhaps you can read Jobs' mind,
    and you know what he isn't saying out loud. That's quite a gift you have. You
    should use it for good of mankind.


    Finally, as ye pointed out, when Jobs spoke of 3rd party apps, he never said it was
    on the iPhone. I wouldn't bring the your "personal note" again, but such stupidity
    can't go untweaked.
    msalzberg