Will Apple’s Spectacular Success Invite More Malware?

Apple’s spectacular earnings report reveals it sold 15.4 million iPads, 37 million iPhones and 5.2 million Macs from October through December. So where’s the predicted wave of OS X and iOS malware? Isn’t the market share big enough to make either platform an attractive, easy target for criminals?

Experts, citing Apple’s security controls and the easy opportunities for crooks to profit elsewhere, say massive sales do not automatically equate to massive malware. The wave of malware may break, but it won’t be for quite some time. For now, Apple’s waters are calm, and people keep diving in.

iPhones are in the clear … for now

Tim Armstrong, malware researcher for the security firm Kaspersky Lab, agrees.

“I still feel like the wave has yet to come. We’re in a transitional phase,” Armstrong told SecurityNewsDaily. “Malware writers have had years to find ways to monetize their attacks on traditional platforms and hardware. In some ways they need to reinvent the wheel to successfully and consistently make money attacking mobile platforms, especially with regard to iOS.”

[Infographic: Inside Apple's Blowout Quarter]

Apple pushes out frequent software and security updates, and subjects app developers to a strict vetting that makes it difficult for malicious apps to sneak in the market. For potential malware writers, these walls are not worth the climb, said Charlie Miller, the principal research consultant at Accuvant.

“It is tough to get malware on iOS devices because apps have to go through the App Store, which requires Apple’s approval,” Miller told SecurityNewsDaily. “The way iOS is designed allows Apple to have a big hand in what software runs on the device. All apps have to be approved by Apple before they can be downloaded to your device. The most obvious pieces of malware will be caught by this, or perhaps malware authors don’t even bother trying.”

“Obviously, this isn’t perfect,” Miller added, “but it at least makes it tougher and so on iOS I wouldn’t expect major malware problems anytime soon.”

Miller knows Apple’s security infrastructure well — perhaps too well. Formerly part of Apple’s developer program, Miller was famously kicked out in November after sneaking a proof-of-concept malicious app into the iTunes App Store.

Big bad Android

It’s impossible to talk about potential iPhone threats without discussing the big green alien in the room.

Android puts its customers at an immediate disadvantage by slacking off on security updates and, to the dismay of anyone who’s ever downloaded a fake app, leaving glaring holes in the vetting process for new apps.

“It is far easier for criminals to upload their malicious applications onto the Android market than to sneak them through Apple’s app review process,” Armstrong said. “I believe it’s really a matter of return on investment for the criminals, and other platforms offer greater returns.”

Apple’s iOS isn’t completely bulletproof, said Kevin Mahaffey, chief technical officer and founder of Lookout Mobile. “It’s a potentially dangerous fallacy to believe that any mobile platform is impervious to threats.”

It’s the difference in the types of threats Android users face — banking Trojans in the Android market as opposed to Web-based threats like phishing emails — and the ease in building Android malware, that make Android devices much more alluring targets.

“Android and Windows are more popular in places where malware has historically been written, specifically Russia and China,” Mahaffey told SecurityNewsDaily. ”In order to write iOS and OS X software, you need a Mac.  Malware writers are unlikely to have a Mac on their desk, making it rather difficult for them to build iOS/OS X malware.”

Mahaffey added that there is “a tremendous amount of information,” disseminated among the programming community, on how to write Android malware.

Mac or PC?

It’s necessary to point out that no computer or smartphone is ever going to be completely impervious to cyberattack. As long as a device exists, someone will find a way to tamper with it.

But even with Apple’s staggering profits, and the dozens of glowing white Apple logos you see at your local Starbucks, hackers are still keeping their sights trained on Windows machines. The reason? That’s where the money is.

That’s not to say there isn’t a great deal of malware being written for Mac’s OS X platform. But it’s all relative, Miller said.

“Mac OS X is not inherently more secure than Windows,” he said. ”It used to be much less secure, actually, but has caught up for the most part with Windows security-wise.  We did see some new malware in 2011 for OS X, and I imagine we’ll see more, but that amount of malware comes out for Windows in about three seconds, so it is still two very different worlds at this point.”

Miller added, “5.2 million Macs is a lot, but compared to the number of Windows computers sold during that time, I bet it’s quite small.”

Armstrong agreed. “Even with the surge of new Mac users appearing every day, “the size of the user base pales in comparison to the Windows world,” he said. “Attacking OS X has unfortunately offered some successes to the criminals, but they have been far more successful attacking via other strategies on the more common Windows platforms.”

Cybercriminals, Mahaffey said, will continue to concentrate their efforts on the systems that present maximum profit with minimal danger. For now, Apple doesn’t fit the bill.

Article provided by SecurityNewsDaily, a sister site to Laptopmag.com.


LEAVE A REPLY
Name*
Email* (will not be published)
Website
*Indicates required field
Comments*
Submit Comments

  1. James Kattr Says:

    Apple’s success will mean more criminals will target it with Malware.

    The biggest problem for them is that iOS and Mac OS X are so secure that viruses and worms cannot exist. There has never ever been a viruses or worm for Mac OS X in its existence – over 10 years.

    iOS is even more secure than Mac OS X since the only way to load apps on it is through the app store.

    The only vulnerability in Apple’s systems is through Trojan Horses. These are applications which require the user to be dumb enough to install it – similar to giving a gun to a person and asking them to shoot themselves.

  2. Fricfrac Says:

    2002 & 2003 & ….want their argument back. Over 100m users and still no virus in the wild on OSX.

FIND A REVIEW
Laptops
All Product Types Accessories Cars Digital Camcorders Digital Cameras eReaders GPS Laptops MP3 & Video Players Projectors Smartphones Software Storage Tablets / MIDs VoIP Wi-Fi
All Subcategories
All Subcategories All-Purpose Budget Business Desktop Replacement Gaming Multimedia Netbook Nettop Rugged Student Tablet PCs Ultraportable
Brand
Acer Alienware Apple Archos ASUS Averatec BenQ CTL Corp. Dell Digital Storm eMachines Emtec Everex Fujitsu GammaTech Gateway General Dynamics Getac Gigabyte Hercules HP HTC iBuyPower Intel Lenovo MSI Nokia Nvidia OCZ OLPC OQO Origin Panasonic Sager Samsung Sony Sylvania Systemax TabletKiosk Toshiba Verizon Viewsonic Viliv VooDoo Workhorse PC ZT Systems
Minimum Rating
Any Rating Editor's Choice 4.5 Stars 4.0 Stars 3.5 Stars 3.0 Stars
Screen Size
10 11 12 13 14 15 16 17 18 20 4 5 6 7 8 9
Resolution
1024x576 1024x600 1024x768 1200X800 1280 x 720 1280x1024 1280x768 1280x800 1366x678 1366x768 1440x1050 1440x900 1600x768 1600x900 1680x1050 1680x945 1920x1080 1920x1200 800x400 800x480
Weight Range
10.1 - 12.0 pounds 12.1 - 14.0 pounds 14.1 - 16.0 pounds 2 lbs 2 pounds and under 2+ lbs 2.1 - 4.0 pounds 4.1 - 6.0 pounds 6.1 - 8.0 pounds 8.1 - 10.0 pounds Over 16 pounds Under 2 pounds
more options
SUBSCRIBE