• United States



iVirus for the iPhone?

Jul 10, 20072 mins
Business ContinuityCareersData and Information Security

After a gazillion people camped outside of iPhone dealer for days in the blistering heat or cold or torrential rain, or tsunami, the technological marvel that is the iPhone was released. You all know by know that I am a bona fide Mac addict, but this is just ridiculous. Come on people it’s just a freakin’ phone. And why, for that matter can’t it ever be nice weather outside while these chuckleheads (no offense dear readers if you are one of these, well”Ś er”Ś chuckleheads) camp outside of some store waiting on the gadget dujour. I mean come on cut these folks a break, they obviously don’t have a life. Why not at least let them enjoy the weather while they sleep outside of a WalMart.

(Okay, I’m back from my tangential rant.)

With all of these shiny new iPhones garnering so much media attention, can you think of a better target for ne’er do wells out there? Some pimply faced 14 year old Romainian kid is thinking that the clock is ticking on his 15 minutes of fame. He’ll write the iVirus and be plastered on every newspaper in the literate world, not to mention getting Michael Moore bumped from another guest appearance on some cable TV show. Realistically, this is quite an opportunity for someone. Convergent technology, particularly in it’s first generation always makes me nervous. Not because of it is new technology but because it combines the attack vectors of multiple technologies. As both a WiFi and cellular device, it is safe to assume that the iPhone is subject to threats from both avenues. The question is, can malware traverse from one avenue to the other. That is to say can WiFi propagating malware move into the cellular world? Oh think of the damage”Ś

For quite some time now, conventional wisdom has told us that the Mac platform wasn’t a large enough target for the bad guys/gals. The iPhone may change that. In its first week in the real world we have already seen the phone “unlocked” bypassing the mechanisms tying it to AT&T’s network. It is my prediction (and a safe one at that) that the iPhone will become a beacon to the bad guys.

So that being said, if anyone wants to give their iPhone away, feel free to mail it to me at”Ś

Chad McDonald, CISSP, CISA, C|EH, PMP is a Senior Professional Services Consultant with Imperva. Chad has worked previously at National Student Clearinghouse, Centers for Disease Control and Prevention, Georgia Department of Audits and Accounts and is the former Chief Information Security Officer at Georgia College & State University. Chad has addressed numerous groups on topics such as business continuity planning, incident response, and information security awareness. Chad has spent the bulk of his career building, managing, and assessing information security for educational and research organizations. Chad has earned multiple professional security certifications. He is a member of the Information Systems Audit and Control Association as well as InfraGard, an FBI Task Force charged with protecting the nation's information infrastructure. Chad is active in the security community He worked with law enforcement agencies to assist in the prosecution of the first computer crime on record in Georgia and continues to assist local and state authorities with computer based investigations. Chad has investigated computer and computer-related crimes for local and state law enforcement agencies. Chad is an avid Mac user, since he was rescued from the dark side eight years ago. He currently conducts the vast majority of his work using a MacBook Pro and a MacBook. Chad looks forward to the day that he can stop referring to himself in the third person and actually pay someone to write his bio for him. The opinions and statements expressed here are those of Chad McDonald and in no way reflect opinions or statements of any employer or organization with which Chad is affiliated.