Published by Ceryx on 30 Oct 2007 at 08:51 am
Batten-Down the iHatches!
Earlier I posted an article relating to the difficult relationship between enterprise and the iPhone. Now, as a follow-up, it is necessary to look into the security-related issues regarding Apple’s venture into mobility.
Lately there have been a number of articles and sites dedicated to hacking the underlying operating system of the iPhone. Initial attempts were purely for benign reasons of curiosity and (not so benign) unlocking. Both of these feats have now been accomplished and have provided some unexpected results. It seems that Apple, in their rush to get the iPhone to market, neglected to lock down security at the OS level. Worse still, the operating system on the iPhone is not some proprietary, device-based system, but actually a more-or-less fully functional version of Apple’s OS X!
On the surface this seems fantastic! OS X embedded on a $300 device is an incredible deal! Problems arise, however, when it becomes apparent just how easy it is to hack these devices. The most evident weakness at present is that all applications on the iPhone run as root processes. In effect, any application that is exploited immediately gives the attacker full access to the entire device.
There are any number of articles around now about the iPhone becoming a mobile hacking platform; however, this is not the real issue (any hacker worth his salt probably has at least one laptop anyway). The real problem for the consumer is the privacy of the information stored on the device. For instance, malicious code injected into a website accessed by the Safari browser could gain access to the core functionality of any iPhone. An experienced hacker could then gain access to confidential information such as phone logs and contacts.
From the point of view of a personal user this is bad enough. Thinking of it from an enterprise perspective, the lack of security becomes potentially disastrous! Imagine the CEO of a Fortune 500 company having his call logs, contacts and even private photographs on display for the entire world to see! With this exploit it may even be possible for a hacker to gain control of the camera, snapping photos at inopportune times with the CEO’s own device!
I have the honor of calling myself an Apple fan, user and even expert. I am constantly amazed by the wonders of industrial design created within their walls. That said, for the second article in a row, I have to conclude that although I love the idea of the iPhone, it does not belong in business; at least not until Apple decides to leverage the legendary UNIX security that the device already contains!
Mark