2215 Bridgepointe Pkwy, Suite 400
94404 San Mateo, CA, us
+49 (20) 71832-832
Fortify Software warns companies to beware multi-tasking aspects of new iPhone 4.0 operating systemSan Mateo, CA, )
The move to multitasking on the iPhone opens up all sorts of hacker and mischievous possibilities on the Apple handset, as users can be interacting with an app in the foreground, whilst the iPhone does all sorts of things in the background, says Richard Kirk, European director with the application security specialist.
"The addition of multitasking for the iPhone is clearly a major step forward for the Apple handset, and we fully expect to see the arrival of a number of corporate apps as a result in the coming months," he said.
"This is excellent news for business usage of the Apple smart phone, but company software teams should be aware of the need to carry out software security tests on all apps - regardless of source - before they are deployed, as they may turn out to harbour hidden problems in the program code," he added.
According to Kirk, the potential for such malware can clearly be seen with a new Windows Mobile game called '3D Antiterrorist action,' which reportedly dials expensive international phone calls in the background, whilst the user plays the game on their smartphone.
This, he says, is a clever use of the fact that some international call destinations offer shared revenue to third parties, in much the same way that UK premium rate numbers offer call revenue to companies.
The Terdial trojan (http://bit.ly/aoR1cm), as it is known, is one of the first to take fraudulent advantage of the multitasking aspects of the Windows Mobile platform and Fortify fully expects to see other trojans plus malware used in future iPhone apps.
And, Kirk says, given the interest in the iPhone's new tablet cousin, the iPad, he also expects to see similar malware arriving on the new iPad, as its popularity continues to grow, and multitasking arrives on the computer.
It's against this backdrop that Fortify says that companies planning to roll thirdparty apps for use by staff in any shape or form, carefully check the source code of the app for any hidden problems.
This is especially important, he explained, as a growing number of iPhone users are unlocking their handsets from their cellular carrier and the Apple iTune store, to allow them to run thirdparty sourced software, which is not checked by Apple Computer for its provenance.
"It's important, therefore, for companies to implement software security testing to identify and remove any potential vulnerabilities from existing applications, as opposed to simply trying to block attacks on applications," he said.
"And IT staff also need to understand the need to test not only the app code that is developed in house, but code this is acquired from vendors, outsourcers and open source. The iPhone clearly has new and significant potential with the latest operating system update, but companies need to carry out their own security tests before embracing the obvious benefits of the handset," he added.
For more on Fortify: www.fortify.com
Die Nutzung von hier veröffentlichten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Bei Veröffentlichung senden Sie bitte ein Belegexemplar an firstname.lastname@example.org.