High Quality
Open the downloaded document, and select print from the file menu (PDF reader required).
Nimalan Paul,
Intelligence Communications
14 January 2010
Apple’s iPhone Operating System Unlikely To Be Vulnerable ToHacking Attempts In Next 12 Months
Executive Summary:
Apple’s iPhone Operating System (OS) is unlikely to be vulnerable to malicioushacking attempts in the next 12 months. This is mainly due to the inherent design of theiPhone which reduces the attack surface thus preventing malicious attacks. Despite theoccasional discovery of vulnerabilities in the iPhone OS and Apple’s growing inabilityto thoroughly review the increasing number of iPhone applications, the in-builtrestrictions on running third party and background applications is likely to ensure itssecurity.
Discussion:
The iPhone is designed in such a way that there are numerous restrictions on runningthird party applications. Apple does not allow users to download many file types andall code is executed in a tightly controlled “sandbox” environment
. The iPhone OSalso does not allow any third party applications to run in the background whichreduces the effectiveness of any malicious code should it somehow get in
.Given its restrictive design, the iPhone OS does have its vulnerabilities but areunlikely to be of much use to hackers if exploited
.Security groups and companieshave discovered vulnerabilities in the iPhone OS as early as 2007 when Apple firstlaunched the phone
. Independent security researchers recently demonstrated a potential vulnerability at the 2009 Black Hat Conference in Las Vegas
. Applicationdevelopers have also bypassed the App Store’s strict approval process with Easter eggs – a secret feature hidden in the code
. Though it is possible to sneak inunapproved code into the device, it is likely to be only temporary before Applediscovers it. Even if within the iPhone system, the code is not of much use due to therestrictions on running third party and background programs
.Over and above these in-built security features, Apple also has a remote kill switchfor the iPhone
.So if a malicious application manages to circumvent all theserestrictions Apple still has the option to remotely trigger a command and delete it.Therefore in the near to medium term, there does not seem to be any likely possibilityto effectively hack into the iPhone OS.
Analytic Confidence:
Analytic confidence in the estimative statements in this report is
moderate
due to therelatively low level of technical expertise in mobile operating systems and conflictingevidence from sources of equal reliability.
For questions or comments, please contact the author:Email:npaul36@mercyhurst.eduTel. #: 814-824-3158
Annexure: Analysis Of Competing Hypothesis Matrix (Sorted ByDiagnosticity)
Add a Comment