iPhones, iPads Pose an Enterprise Security Threat

By CIOinsight  |  Posted 05-14-2012

Apple devices--from iPhones to iPads to Macs--are becoming more prominent in enterprises as employees bring them to work, fueling the burgeoning trend of the consumerization of IT.

And that could cause security problems for businesses, according to researchers at security software maker Zscaler.

The recent malware attacks over the past few weeks on Macs running the Mac OS X operating system as well as the yearlong rise of cyber-attacks are an indication that as these products become increasingly popular with consumers, they also are becoming favored targets of hackers. And as consumers bring these devices into the enterprise and look to access corporate networks and data--a trend called bring-your-own-device (BYOD)--the cyber-threat to businesses also will grow.

A key problem is that many users of Apple products have come to believe that, despite the recent attacks such as the Flashback malware and SabPub Trojan, their products are essentially invulnerable to viruses and other threats, and they've become somewhat lax in keeping the security software on their devices up-to-date.

In addition, Apple officials have proven to be slow in responding to threats, even though the company on May 9 released updates that fixed some flaws in Mac OS X and the Safari Web browser.

For businesses, Macs, and iPads and iPhones--which run on the iOS mobile operating system--could be a problem, according to Mike Geide, senior security researcher at Zscaler ThreatLabZ.

"This latest wave of infections is a wake-up call to Mac users that their system is not immune to threats," Geide said in an email. "The need to follow best security practices, such as remaining current with patches, is ubiquitous--it doesn t matter if you're using Windows, Mac or even a mobile phone."

Apple's security issues came into full view in early April, when it was reported that the Flashback malware which was first detected in late 2011 but became a significant threat this year had infected more than 600,000 Macs worldwide, more than 1 percent of the systems in use.

Flashback exploited a vulnerability in Java that had been patched by Oracle in Windows PCs and other systems in February. However, Apple didn't release its update until early April, too late to stem the infections. In addition, after the extent of the infections became known, Apple didn t release a tool that could detect and remove the malware until after several security software vendors already had launched their own free offerings.

Soon after, the Sabpab Trojan hit Mac OS X systems, and while not as significant a threat as Flashback, it was another indication in the growing interest in Apple systems by cyber-criminals. And that interest is expected to spill over to iOS devices, in particular iPads and iPhones, which, according to Zscaler, are becoming more common in enterprises.

In their State of the Web first-quarter report issued April 30, Zscaler researchers said that Apple iOS traffic rose from 40 percent of all mobile traffic in the fourth quarter of 2011 to 48 percent in the first three months this year. The report looked at 200 billion transactions from millions of users worldwide.

According to the report, Android and BlackBerry traffic declined.


To read the original eWeek article, click here: iPhone, iPad Popularity Could Threaten Enterprise Security: Zscaler