The iOS curated walled garden seemed to be the perfect platform to keep viruses, trojans and other malware out of Apple’s mobile devices. Through this system, no malware can get into iPhones and iPads because Apple takes a look at an app from a developer before putting it up for download in the app store. Hundreds of apps arrive every day and Apple tries to make sure that they’re safe. But because Apple’s ecosystem has grown so much, it has become a lucrative target for unscrupulous coders always looking for vulnerabilities in Apple’s system. Apple has millions of apps in the App Store for iPhones and iPads, and it has become a gargantuan task for the company to curate all the new arrivals and updates. Some eventually get through, and if some got through, others could follow. Microsoft was rather eager to point that out.
“Over the last two years, I’ve had senior executives tell me countless times that they have unwavering implicit trust in the iOS platform. In these discussions it’s been pretty common to hear a comment like, ‘I don’t trust Android because it is like the wild, wild west, but I have tremendous trust in iOS because it is a controlled and procured ecosystem’… I’m not attempting to throw stones at Android or iOS but there is a dilemma with this perspective: I know for a fact that all the providers of mobile operating systems go to superhuman lengths to harden their platforms and do everything they can deliver the most secure operating system possible but this fact also exists in our modern era of digital threats that produce consistent successful attacks despite the incredible efforts of the organizations building these platforms.”
— Brad Anderson, Corporate VP, Microsoft
Up ‘til now there’s constant debate about system security between the major operating systems, MacOS X, iOS, Linux, Android and Windows. Which one is the safest to use? Which operating system has fewer viruses and malware? No doubt Windows has the most. Windows has been around for years, in full use by millions of businesses and individuals all over the world, so there’s no doubt it’s the most lucrative target for hackers and malware authors because that’s where the money is. Next in line would be Android which is currently the world’s most used operating system due to all the cheap phones and tablets out there, many of which are already being used in e-commerce. No doubt the platform has already been compromised with hundreds, if not thousands of malware since deployment and distribution through Android is not as secure as Apple’s.
Apple does enforce draconian policies when it comes to its ecosystem, but there’s no doubt its own user base has grown considerably that it has become an appealing if not challenging target. iOS is the second most used operating system for mobile devices, and its user base remains proud of the fact that malware and viruses are almost non-existent on the platform. That prevailing myth and other Apple security features also makes it appealing for use in corporate settings. But what does it take for iOS to get hacked or infected? Persistence and determination and of course, money. There’s tons of money to be had from the world’s millions of Mac and iOS users since these users have tons of money to afford these devices in the first place. Jailbreakers even posted a reward for anyone who can come up with an exploit that can be used to jailbreak iOS 9 and 10.
That, and because of news that several malwares have managed to infiltrate the platform like XcodeGhost, Microsoft deems that iOS users are already at risk for a lot more and that it won’t take long. For a few million dollars, sponsored malware authors with plenty of resources can find iOS vulnerabilities and hack into the system and infect a device with malware. The malware Trident/Pegasus is such an example. Pegasus was a surveillance developed by an Israeli-based company known as the NSO Group in order to target high-value targets that use iOS devices. 300 licenses of the malware was sold for 8 million dollars. One such use of it was to spy on human rights activists in the Middle East. Now with geopolitical tensions running high, even the Apple Watch has been banned in UK meetings because they might be compromised by state-sponsored hackers and used for espionage through unwary officials.
It’s just ironic that the owners of the world’s most virus and malware prone platform would throw shade at perhaps the most secure platform, but they do have a point. Nothing is totally secure, and companies and individuals cannot put blind faith in any particular platform and throw caution to the wind.
“People in general feel, ‘It’s Apple, so it’s secure’…Whereas the truth is that Apple operates within the same bounds as every other software provider, so they’re just as likely to have security vulnerabilities as anybody else.”
— Brian Bourne, co-founder, Toronto Annual SecTor Cybersecurity Conference
“This is the very scary fruition of something that cybersecurity experts have been heavily emphasizing for the past few years. The work behind corporate hacks, online theft, cyber espionage, and cyber-terrorism is a commercial business and not only an underground effort… If you, as an organization, have intellectual property that is of interest to another company or a state organization, that company does not have to have the expertise to build a sophisticated attack like this; they just have to have the money to buy a license.”
— Brad Anderson, Corporate VP, Microsoft
No doubt that iOS is pretty much more secure than Android or Windows but it’s still important to exercise some basic security for individuals and some advanced security for government and top private companies because you know, nude hacks, the Apple/FBI PIN fiasco, Xcode…etc.