Apple's iPhone: theoretical risks of unreleased handset

Symantec stokes Apple hype engine

Apple's iPhone is unlikely to become a gateway device for mobile malware, Symantec says. The handset will run an operating system based on Mac OS X, thus opening the possibility that the small number of viruse targeting the platform might be re-purposed to infect iPhone.

However, Concerns about possible mobile infestation of iPhones are "premature" at worst according to Eric Chien, an anti-virus researcher at Symantec.

For one thing the iPhone will be locked down so that consumers will be able to install only selected third party applications. While not dismissing the possibility that iPhone-specific malware could be created, Chien reckons it won't reach the levels currently seen with smart phones running Symbian OS. Nonetheless, vulnerabilities in Mac OS X could create future problems, he warns.

"The likely vectors of infection will be via any vulnerabilities on the device that allow code to execute. Unfortunately, just a single malware writer taking advantage of a single vulnerability could cause havoc, but for the most part such attacks will be limited," he writes.

"If the iPhone remains a closed device with not even Java applications or widgets let alone native code, the risk of infection becomes orders of magnitude lower."

Even though the iPhone is "locked down", interest in the technology is likely to spur the creation of home-brew hacks. The motives of these users is simply to run their own code on the phone, but the techniques pioneered by tech enthusiasts might be re-purposed for more malign purposes.

"Once they install and execute unknown code on their device, there is always a chance of executing malicious code. This scenario happened in the past with the Sony PSP and PSPBrick Trojan," Chien notes.

A mono-culture of devices running the same OS, knowledge among hackers about how software on the device works have been factors driving the creation of numerous items of malware on Windows PCs and the reason why mobile malware, despite considerable hype from some quarters, has been mercifully rare. Chien concludes that this is unlikely to change much with the arrival of iPhones later this year.

His analysis is published on Symantec's security blog here. ®

Sponsored: How to determine if cloud backup is right for your servers