BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

The iPad 3: A Shiny New Object for Hackers?

This article is more than 10 years old.

Image by Getty Images via @daylife

IDC has released statistics that are both sobering for computer security execs and downright eye-candy for hackers:  91 percent of people globally who own an iPad use it for work. In fact, it appears as though iPads are becoming de facto work devices, with only some use devoted to personal surfing, content viewing etc.

Some of this work use is relatively benign from a security perspective: IDC found that most respondents used the iPad for reading news. Also on that list, though, was e-mail and chat—where sensitive information could easily be hacked.

Besides the clear love affair corporate workers are having with the iPad, there is also a major push by the government to incorporate the devices.

The Federal Aviation Administration has developed security standards for internal use of the iPad, the Federal Times reports. So has the Veterans Affairs Department, in order that its employees can view information such as its electronic health record system VistA.

BYOD Trend

This trend of ‘bring your own device” or BYOD to work—be in public or private sector--has been a growing source of concern for the security industry.

“Employees are accessing sensitive corporate information from their own devices - including the iPad,” Graham Cluley, senior technology consultant at Sophos tells me.

“The risk is that these devices won't be compliant with the security policies your company has on the rest of your network - potentially exposing corporate data and email,” he said.

Tight Security

Okay but the iPad? Apple, to cite one security-related example, is notorious for its tight control on how applications can be distributed to users—as anyone who has tried to get an iOS app published in the App Store can tell you.

A Symantec white paper "A Window into Mobile Device Security," emphasizes the security Apple—and Google for that matter with Android—has built into their respective systems.

For example, a corporation that wants to deploy privately-developed apps to their iPad-using internal workforce has to register with Apple’s iOS Developer Enterprise program. “To be approved for this program,” Symantec says, “Apple requires that the applicant corporation be certified by Dun and Bradstreet, indicating that they’re an established corporation with a clean track record….each app must be digitally signed by the enterprise before distribution to the internal workforce. Moreover, internally developed apps can only be used on devices on which the enterprise has installed a digital certificate called a “provisioning profile”.

Still, the system is not foolproof, it said.

And, of course, data can be compromised in any number of ways, including some that Apple has no control over, such as phishing and for mobile devices in particular, by losing the thing.

In an m-health study, the U.S. Department of Health and Human Services Office for Civil Rights reported that, between September 22, 2009 through May 8, 2011, 116 data breaches of 500 records or more were the result of the loss or theft of a mobile device. More than 1.9 million patients’ personal health records were exposed as a result.

iPad3 Eye Candy

Given the study period—which began before the first version of the iPad was ever released---probably only a minority of these data breaches came from the tablet. However, with iPad 3 expected on the scene soon, both adoption of the device and interest in it by hackers is bound to increase. Rumored specs for iPad 3—none of which have been confirmed by Apple but seem logical enough enhancements—include high-definition screen and a quad-core processor. Some reports put its launch date as soon as March.

“It wouldn't be a surprise to see hackers targeting iOS devices more as they become more popular in business,” Cluley says.

“We've certainly seen a marked increase in malware attacks against Macs in the last year.” (And yes, he adds, ditto for Google Android OS). “As all of Apple's products become more popular, they will inevitably draw more attention from malicious hackers.”

Apple does run a very tight ship regarding what applications it allows, pre-vetting all programs, he agrees.

Unfortunately its oversight isn't perfect, he says. “We've seen some demonstrations of malicious apps through the app store that have raised questions about the rigorousness of Apple's vetting process. And various password/encryption attacks show that Apple's security isn't flawless.”

An exploit in the mobile Safari browser is another potential vulnerable area, he says.

The biggest danger, Cluley says, is poor password security on iPad devices—which unfortunately for Apple, is also out of its control.