Chief Executive Officer, Security Innovation

iPhone apps really scaring me now

Mar 30, 2010, 3 mins
Business Continuity, Careers, Data and Information Security

The iPhone commercials are great. Excellent job of marketing by simply highlighting use cases that differentiate you from the competition. But it’s the apps themselves that are scaring the begeezus out of me. There’s one commercial where a woman is talking about going to the airport with her family… she checks in with an app, finds some food for the kids with an app, and then accesses her IP-addressed home and turns off the lights with an app. All happy and shiny in AppleLand… but if you look into that last app, from Schlage the lock company, you discover that it does a lot more than just turn on and off your lights. It can lock and unlock doors, turn on/off an alarm, and allows you to do so from the convenience of your iPhone app… or browser.

Does anyone else see a disturbing trend here? Software sucks. It’s buggy and full of security defects. And now, we’re using it on consumer electronic devices to enable (or disable) our home security. Security on the iPhone is lousy. Security of web apps is lousy. The typical consumer is clueless about security other than the shiny lock on their browser and (maybe) knowing whether or not they have an anti-virus program running. Given the proliferation of web- and phone-based software attacks, it is very easy to imagine someone hijacking your Schlage iPhone app (or web session), opening up your house, walking right in to rob you blind (or worse) … and all because we depend more and more on software and slick-looking apps without thinking about the security implications. Do you really think developers for Schlage know how to write secure software? More likely, they outsourced the effort to an off-shore partner, most of whom are dreadfully insecure programmers.

Last year at RSA Conf. Charles Kolodgy, esteemed analyst and VP at IDC, said that the thing that freaked him most was Microsoft Sync, the software used in Fords to manage your tunes, etc. He said this because he was growing increasingly concerned about software being put into everyday infrastructure like cars. Systems like OnStar and Lojack already provide the ability to lock/unlock cars, shut off and disable a car if it’s stolen, etc. He was concerned that as more and more software controls things like remote car access and power, it would only be a matter of time before navigation was added… and subsequently abused, or simply malfunctioned.

I wonder how Mr. Kolodgy’s feeling these days? I certainly share his anxiety after the latest iPhone commercials.

Ed Adams is a software executive with successful leadership experience in various-sized organizations that serve the IT security and quality assurance industries. As CEO, Mr. Adams applies his security and business skills, as well as his pervasive industry experience in the software quality space, to direct application security experts to help organizations understand the risks in their software systems and develop programs to mitigate those risks. The company has delivered high-quality risk solutions to the most recognizable companies in the world including Microsoft, IBM, FedEx, ING, Sony, Nationwide and HP.