An interesting take on smartphone security, which I'm sure will continue the open versus closed debate. The argument for the security of open source software has always been that with more developers looking at the code, weaknesses are more likely to be identified and patched versus the small number of programmers that have access to a closed operating system. I guess it is possible that access to the source code could allow a malicious attacker to more quickly identify and exploit a vulnerability in the OS, but I think the primary weakness in the Android ecosystem is the freedom and minimal oversight afforded to apps.
Android much less secure than iPhone:
Trend Micro chairman Steve Chang warned in an interview published today that Android was significantly more open to attack than iOS. Google's decision to allow some open-sourcing and to have only a light approval touch let malicious coders get more information about how to stage viruses and other malware. Apple's decision to close off much of the iPhone OS, sandbox code and to vet apps more closely may have antagonized some, Chang told Bloomberg, but has also led to a more secure platform.
'We have to give credit to Apple, because they are very careful about it,' he said.
It was virtually 'impossible' for some kinds of rogue code to work on an iOS device, he explained. Viruses that deliberately 'decompose' to avoid being recognized by antivirus scanners and then reassemble afterwards can work on Android but won't succeed on iOS. He didn't explain what made this possible, though Android apps are allowed to extend or modify parts of the main OS where these are usually fenced off on iOS.
iOS was still vulnerable, Chang emphasized, but mostly to social attacks where customers were tricked into voluntarily compromising the security of a device. Most significant security issues in iOS have come from visiting specially crafted websites that take advantage of an unpatched exploit.
No comments:
Post a Comment