iPhone most vulnerable platform, for now

BGR reports that iPhone is more vulnerable than Android and Windows Phone and BlackBerry, snippet follows:

A new report suggests that Apple’s (AAPLiPhone is more “vulnerable” to attacks than Android, Windows Phone and BlackBerry (BBRY) smartphones. According to a study from SourceFire, the vast majority of all mobile phone vulnerabilities that have been discovered so far have been found in Apple’s smartphones. The firm found 210 vulnerabilities in the iPhone, giving iOS an 81% share of known mobile phone vulnerabilities, while Android, Windows Phone and BlackBerry devices combined to have a 19% market share.

Yves Younan, a senior research engineer at SourceFire’s Vulnerabilities Research Team and author of the report, revealed to ZDNet that the results were “surprising.” He added that it was also “interesting” because Apple has continued to implement additional security features in new versions of iOS.

I’m not sure why this should be surprising to anyone, any platform that hits a sufficiently large number of users will fall prey to attack.  The many lessons that we learned on the PC platform are happening, albeit at an accelerated pace, on the smartphone platforms.  This is something that we all have a stake in and every business and consumer smartphone customer will need to be responsible for “securing their end point device”, i.e. your phone,  just like you have secured your PC.  No platform is truly immune, active measures are called for.

At BlackBerry we’ve built in several features to help, BlackBerry 10 has built in support for our Fusion MDM product to remotely manage and more importantly to remotely wipe sensitive corporate data.  We’ve got Balance, essentially separate “personal” and “business” partitions built into the platform keeping work and personal data and apps separate and secured.  Our BlackBerry World store has “Enterprise Store” capability, allowing businesses to select, manage and distribute only the applications they’ve approved on the business partition.  Finally, we’ve also announced our relationship with Trend Micro to keep our BlackBerry World stores malware free.

I wish that it were the case that all the features and services we’ve built for BlackBerry 10 were enough, however, you’ll need to take additional steps to insure your apps, services and phones are secure for your customers and employees to the best of your abilities.  This includes preparation, education and implementing sound policies and procedures.   This is our shared responsibility in the smartphone ecosystem.

iPhone prototype

Apple’s purported 2005 iPhone prototype

The interest in Apple’s reported iPhone prototype is understandable, folks hope to gain new insights into how Apple conceives of, designs and builds their products. My impression is that this system was a development system used to run and test early versions of the software, and indeed shows Apple’s thinking re: what became the iPhone platform definition.

Before, after and while at Microsoft I’ve worked on products that have bootstrapped on development systems that approximated the production units as much as possible, at times years before it’s intended launch. You select the processor/architecture family, memory footprint, I/O and make this prototype hardware platform definition as close to the silicon vendors projected availability of their new chip families in the supply chain at your release target date. You then design and build your OS software, drivers and any other hardware abstraction layers to target the core characteristics of the chip families selected. The more chip savvy of you will note this is why new processor features are often not exploited by the OS at initial release. So, indeed this system shows Apples selection of processor architecture and family, however, the screen used may have been a matter of convenience. It may not have been intended to be used at it’s full physical extent but probably was bounded by the target screen sizes Apple was testing. Also given the way the prototype is mounted on the stand it appears this setup was used to test input gestures as well.

So, how does this apply to the rest of the industry? Well, the good news is with off the shelf systems like Raspberry Pi readily available for intial prototyping, it’s an easy, low cost way for startups to prototype their ideas like Apple did using this custom engineered device. We’re seeing an explosion of new devices (not just smartphones) and new categories of devices being created daily for consumers and business. Many acquaintances and former colleagues of mine are now at start ups building devices who’s UI appears on a mobile device, the app is part of the overall solution and experience they’re building.

At BlackBerry we’re fortunate to have the experience of the QNX team who’ve worked on countless embedded implementations of their software. Together, we’re working to make the power of BlackBerry 10 and QNX available to build these new “solution devices” using the tools and platform we’ve shipped in BlackBerry 10.