Apple products are known to be the top of the line when it comes to security. First and foremost, their software was designed from the ground up with security features and privacy in mind. Second, not many people really bother making viruses or malware for Macs or for iOS.
Still, despite Apple being the best in security and having a pretty clean track record, there is no such thing as an impenetrable fortress. Apple suffered from the widespread “Flashback” malware. Since then, Apple has committed even further to the goal of complete OS security. It is just a classic case of a first time for everything, or of nobody getting it all right the first time.
The “Flashback” malware aside, Apple is still the beacon of security. Its products are known to be so secure, in fact, that app developers have become rather lax about the security measures in their own apps.
As it turns out, App Store developers no longer take the time to create their own security features for their apps, and instead rely solely on the security features of iOS. This may sound logical for the individual developer, but what about a collection of developers?
During the Black Hat event in the city of sin, Vegas, Jonathan Zdziarski, the senior forensic scientist at viaForensics, held a workshop about “the dark arts of iOS application hacking”. In his workshop, he discussed app developers' lax reliance on Apple’s built-in security features. Zdziarski explains that if he were to hack one app on the iPhone, he would basically have hacked all the other apps. In one fell swoop, all your apps could be compromised by a single exploit.
Zdziarski observes that “Security is now an afterthought for many app developers”. Since they know that iOS is secure and very unlikely to be hacked, they no longer implement fail-safes of their own in case iOS does get hacked.
Take note that while it is “highly unlikely” that iOS will get hacked, it is not completely impossible. In fact, Apple has already lost once to the infamous Apple hacker Charlie Miller, who was able to publish a hack through the App Store, undetected. This of course led to the loss of his developer account and earned him Apple’s close and ever-watchful eye.
A highlight of the presentation was a demonstration of hacking the PayPal app, an app that handles the user’s money and so, above all other apps, must be secure. Zdziarski proved that it suffered from the same lax attitude seen among many other developers and was able to hack the app, allowing the hacker to monitor and read the user's login inputs.
According to Zdziarski, he does not intend to call out Apple or PayPal; he only meant to demonstrate the possible vulnerabilities while alerting app developers to their lack of action. While iOS is admittedly a very secure operating system, app developers must remain vigilant about their own security measures.