Anti-virus software peddler F-Secure: Apple iPhone malware ‘80-90% likely’

“Apple’s reputation for bullet-proof security could soon be blown away, with the most high-profile attack targetting [sic] its coolest device – the iPhone,” David Flynn reports for APC Magazine.

MacDailyNews Take: Ooh, “blown away.” How terrifying. Please. Stop. Too scary.

Flynn continues, “An iPhone virus, spyware or other piece of malicious software is almost inevitable. ‘It’s 80-90% likely that we will see malware targetting the iPhone,’ predicts Patrik Runald, Security Response Manager for F-Secure Security Labs.”

MacDailyNews Take: Never fear, Runald has a potential “solution” to this terrifying threat: When Apple ships the iPhone SDK, anti-virus software peddler F-Secure “might develop anti-virus and security software to protect the iPhone.” No word, yet, on exactly how much they hope to rip-off from iPhone owners for such so-called “protection.”

Full article here.

32 Comments

  1. OK. Let me be the first to say this. The first iPhone virus that finally proliferates the planet, I want someone to reverse engineer the crap out of it and see if anyone can see where it came from. If I see F-Secure’s or Symantec’s or any other anti-virus app’s fingerprints on that, I’ve got three words for you – class action lawsuit! You’ve been warned!

  2. Actually, it’s 100%. Since iPhone runs OS X, and there’s a trojan for OS X, it’s already been done. Doesn’t mean it can be transmitted easily, passed from PC/Mac to iPhone, or over mobile phone networks.

    I don’t have much faith in F-secure since they missed the trojan which is already released (missed as in not even knowing about it).

  3. @Reality Check

    That doesn’t make sense. I don’t think “ubiquity” is the word you were looking for

    Makes perfect sense, Windows is omnipresent, ubiquitous, therefore viruses and antivirus peddlers’ software are also ubiquitous.

    At least I can be confident that my multi-layered and cryptic comments are missing the dull minds of those that lack read comprehension and lateral thinking. Just as well really or the rings may be a-quivering.

  4. “@Wade: That doesn’t make sense. I don’t think “ubiquity” is the word you were looking for…”

    Ubiquity is being all over the place- the argument is one of- there are no viruses for the Mac OS because it is not ubiquitous, and windoze is ubiquitous. Thus, the argument from ubiquity to explain the lack of Mac viruses.

    The argument from ‘non-ubiquity’?

  5. Think life is bad for Mac users? My Dad got a new PC (Dell) and tried to set up the Macaffee virus protection etc. It wouldn’t accept his old account info so he tried to contact them by phone. Never could get anyone. They offer a premium connection for a pound a minute but he isn’t going to do that. Nightmare.

  6. I’m far more worried about extant Windows exploits that threaten my company’s infrastructure than any hypothetical iPhone exploits affecting the iPhones we’re already using for work. Why no similar, ongoing <i>sturm und drang</i> for Microsoft and their continuing ineptitude? Is it that Windows users and Windows-based IT departments just say to themselves, “This is the way it is, and it keeps us employed anyway”? You’d think that this “ZOMG the iPhone may one day get a virus” somehow outweighs the Windows’ insecurity and potentially (and proven) massive negative impact when it’s exploited yet again. I wonder how much companies lose because of botnets and damage caused by things like Storm? Shouldn’t F-Secure be railing against MS for their continuing shoddy work, rather than dreaming up hypothetical situations? Seems that if they’re hyping about potential problems with the iPhone, they should be screaming at the top of their lungs about existing problems with Windows.

    (Thanks for correcting the article link, MDN.)

  7. This is no brainer self-promotion. If they are wrong, they can continue to say next year and no one will deny them. If they are right, they become a prominent security specialist.

    Meanwhile, I will continue to predict demise of Microsoft. Like Digital Research (CP/M), Apollo (Domain), Data General and DEC (VMS) before them, Microsoft will become another forgotten computer company within next ten years. I been saying it since 1990 is beside the point.

  8. How on earth is the iphone going to get a virus or malware?

    EMAIL:
    If you get an email with an attachment from an address you dont know just dont click on it – simple.

    BLUETOOTH:
    Also, with bluetooth, no one can send you a file without you confirming you want it.

    WIFI:
    Cant see any iphone getting malware from this – especially if you are on a closed network which is password protected.

    This is TOTAL FUD!

  9. The FUD tradition against Apple products continues. (Fear, Uncertainty and Doubt is a prehistoric method of propaganda). You’d think they’d get the clue. Symantec made two anti-Mac security FUD attacks in 2005. Utter failures. McAfee followed with their own FUD attack late that year. Utter failure. Then the CEO of McAfee, in a total turn around, suggested that anyone with brains should dump their Windows box in favor of a Mac simply for the sake of SECURITY. This past year we had a flood of FUD from the hacker community. Thankfully none of them wrote anything malicious and Apple were up to the task of eradicating all the vulnerabilities they found. Then last week we were supposed to be shaking in our well-healed Mac user boots about the porno Trojan out in the wild for Macs. Yeah. I’m scared. But at least this this does help waken people up to the fact that NO operating system is ever invulnerable or perfect.

    Here is some FUD: Anti-Mac bigots and marketing morons like F-Secure have an 80-90% chance of making fools of themselves by making stoopid predictions about Apple product security.

    I hope I make them wet their pants and shiver in ((((FEAR)))).

    ;-Derek

  10. An email with malicious jpeg file from one of your Window OS friend.

    Through yet security hole in a undocumented bluetooth port.

    Closed WiFi network? Why? Closed on WiFi, but open to internet through router.

    Not a total FUD. Who would have thought Sidekick can be broken into through the cell phone’s data connection. Someone did. We don’t know if next one will be a worm or a trojan. Just remember, F-security and other anti-virus software makers do not know the answer either. The anti-viurs for most part is reactionary, not proactive. A virus has to hit before they can write the virus definition to stop it. So, the software they are selling today is not likely to stop the virus that comes out tomorrow, at least not for Mac OS X.

  11. “An email with malicious jpeg file …”

    Not so far out. The iPhone was “jailbroken” by leveraging a vulnerability in a tiff library. What can be leveraged for “jailbreaking” could also be leveraged for malicious purposes.

    There are other possible vectors. Safari on the iPhone was broken days after launch by Dr. Charlie Miller at ISE:

    http://blogs.zdnet.com/security/?p=393

    That was down to a vulnerability in open-source software that Apple was using. The vulnerability had already been fixed, but Apple was using an old version — not for the first time.

    The device is far from invulnerable — nothing is.

    However, I think F-Secure is flying a kite. There’s no more reason why the iPhone would be struck by a plague of exploits than any other smartphone. Other phones are probably around in greater numbers, which would make them a broader target. Other phones may be easier to crack, too.

    I think F-Secure mentioned the iPhone because they know it’s a hip product and therefore newsworthy. This interview was about bumping-up F-Secure’s profile; that’s all.

  12. If by “malware,” you include “trojan horse” type malware, they might as well say the chances are 100%. You can’t stop the user from being stupid and intentionally agreeing to install evil software. However, if Apple’s method for officially allowing third party apps on iPhone only permits such software from “trusted” sources, the risk will be minimized. Then again, there will be users who choose to bypass such measures, so the chances are sill 100% that iPhone malware will appear.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.