iPhone and Social Site Security Risks

Published reports are citing an increased effort by hackers to attack Apple, Inc. iPhones. In other news, there has been an increase in security exploits associated with social networking sites, as well as an increase in the vulnerability of security breaches via Wi-Fi routers.

Focal Points:

• Recent published reports by various security groups have cited an increase in activity around hackers working to exploit vulnerabilities in the iPhone. One of the first exploits noticed was the Safari browser, but as attackers become more familiar with the system, additional device attacks are occurring, such as exploits around phones "unlocked" from the AT&T network. In addition, hackers are increasing attacks on Macs, although this still poses a smaller threat to enterprise users, since the majority of Mac adoption is still with consumers.
• Social networking sites are coming under increasing attacks by hackers, due to their dramatic increase in popularity as well as their relative collective insecurity.  Typical exploits involve the modification of web pages so that the visitors to the sites get malicious content. The significant difference here is that it allows hackers to focus on damaging site content, so that the people to be exploited end up coming to the attackers. The emergence of Web 2.0 technologies is making it easier to perform these exploits, since this technology makes it easier for applications that were externally developed to be embedded into web sites.
• Researchers from Indiana University at Bloomington recently published a model that shows the potential for exploit of Wi-Fi routers in a dense metropolitan footprint. Simulations they built demonstrated that a complete Wi-Fi cloud could be infected within two weeks, with most devices being infected in less than two days. A typical exploit would be drive-by pharming, where researchers built an exploit scenario in a joint project with Symantec Corp. These attacks take advantage of the fact that many wireless access points still are in the field with the vendor default passwords still active. This allows hackers to infect the routers with JavaScript code. The researchers found between 21 to 40 percent of wireless routers use encryption. They also found that routers that are using Wireless Encryption Protocol (WEP) can almost always be broken.

Experton Group believes security risks will continue to increase in both complexity and attack vectors, as long as there are financial incentives for hackers to exploit entries into corporate networks and information. Hackers are likely to continue to stay ahead of the security community in finding new applications and devices to exploit, so security teams will need to stay proactive in anticipating where the next threat will come from. This includes aggressive testing of new applications and devices, as well as having an ongoing security profile done to look for exploits that did not exist since that last application security test. Security managers should ensure strong wireless router security practices are implemented. In addition, they should use continuous security audit and testing, as well as heuristic security analysis tools that identify changes in application and network behavior, as an early warning signal for potential new exploits.