iPad fails security test

As Apple devices grow in popularity, security companies are trying to hack the platform in a bid to test the strength of its security.

Apple's popular iPad has sold more than 3 million units since launch three months ago. However, security companies have successfully breached the device by taking advantage of the same flaw as is apparent in the iPhone.

Jeremy Matthews, head of Panda Security's sub-Saharan division, says the successful tests “doesn't mean we're about to face an avalanche of infections”.

Matthews explains that “logically, all malware designed for iPhones will have the same ability to infect and spread to iPad devices.” He says this is because the iPad and iPhone share the same operating system (OS), known as iPhone (version 3) or iOS (version 4) in the forthcoming version.

However, he warns, despite the fact that Apple decided to not include external hardware peripherals on the iPad, making it impossible to store devices, as well as distributing all software from Apple's App Store, malware authors have still found a way to infect jail-broken devices.

He explains jail-broken devices as those that have been tampered with in order to install unofficial applications.

Kevin Hogan, senior director of development at Symantec describes the worm, called iPhoneOS.Ikee, as a program that tries to log in to jail-broken iPhone (or iPad) devices, relying on users who have not changed their default log-in passwords to infect the devices.

“The iPhoneOS.Ikee is relatively harmless, displaying a picture of 80s pop singer Rick Aston, which then tries to spread across other jail-broken devices,” he says.

Hogan warns that a modification of the worm is, however, more serious: “The iPhone.Ikee.B spreads the same way as the original version, but also modifies the root password of the device to allow access at any time by the hacker.” He adds the worm also steals personal information that is stored on the device.

Hogan says there is currently minimal malicious activity on the iPhone, relative to the number of units sold. Further he says there is no malware that specifically targets the iPad.

“Fundamentally, Apple has ensured that is the case by creating a closed environment that they have for the iPhone/iPad devices,” adds Hogan.

“The malware we've encountered spreads directly from device to device,” says Hogan. He adds that he hasn't seen any evidence of websites attempting to infect iPhones directly, although he admits that it is entirely possible at some point in the future.

He says that advanced mobile phone OS/ecosystems avoided the type of security problems that were plaguing devices by simply closing off access to the devices, so users can't put anything on them that isn't explicitly allowed by the system.

“How to get around Apple's lock down of the device will still present a large problem,” Hogan says, concluding that Google's open sourced Android OS will be the one to watch.