Apple is the new hacker bulls-eye

By David Goldman, staff writer


NEW YORK (CNNMoney.com) -- When Apple was just a niche maker of Mac computers and only truly popular among college students and graphic designers, hackers paid little attention to the company. Instead, they focused on Microsoft, which had more than a 90% share of the PC operating system market.

Those days are over. Recent iPad security scares are a sign that Apple's devices are a growing target for hackers, spammers and malicious coders.

"Market share is a pretty good indicator of who hackers are going after," said Kevin Haley, director at Symantec Security Response. "Hackers are motivated by money, so they want to get access to the most amount of people."

Hacker group Goatse Security was able to obtain 114,000 iPad 3G users' e-mail addresses and iPad SIM card ID numbers from AT&T's (T, Fortune 500) website last week. The vulnerability was on AT&T's site, but any hit against the iPad dings Apple as well.

And in a blog post, Goatse Security said Monday that a "skilled attacker" could take advantage of a weakness in the iPad's Safari Internet browser to launch a spam attack from a compromised iPad.

"This is a wake-up call for Apple, and it cannot afford to hit the snooze button," said Hemanshu Nigam, founder of SSP Blue, a cybersecurity consulting firm. "The hacker community focuses on companies that are on the top of their games. Apple has gained enough market share that it has caught hackers' attention."

It's not surprising that Apple is becoming a growing target -- it's simply a matter of scale. Cybercriminals try to hack the software that most people use to access the Internet, and increasingly, that software is made by Apple. While Apple's PC market share is still in the single digits, Apple is now the second largest smart phone maker in the United States, behind only BlackBerry maker Research in Motion (RIMM). It has also sold more than 2 million iPads in just two months.

"Any company's device or platform on which lots and lots of people are exchanging or storing data is going to be susceptible to an attack," said Fred Rica, principal security analyst at PricewaterhouseCoopers. "Hackers are beginning to change over to other platforms that hadn't been traditional targets, particularly to mobile."

Response is critical

As Apple (AAPL, Fortune 500) products become higher-profile targets, its response is going to be tested. The company's stance on security has long been "don't worry about it." For instance, on its website Apple says simply, "Mac OS X doesn't get PC viruses." The iPhone and iPad websites don't even mention security.

Apple claims that the Unix framework that its Mac operating system is built on is inherently safer than Windows. The truth is that Mac OS has as many vulnerabilities as Windows, according to Nigam -- Apple patches its products just often as Microsoft (MSFT, Fortune 500) does.

In the past, Apple has responded quietly when vulnerabilities are exposed, patching products through automatic updates with no announcement. The company's famous "Get a Mac" ads say Microsoft's constant security updates and alerts interfere with users' ability to do work on their computers. Ironically, Apple's Safari browser's lack of security alerts is one of the factors contributing to the security hole in the iPad, according to Goatse Security.

Apple did not respond to requests for comment.

"Suggesting Apple doesn't get viruses gives its users a completely false sense of security," Nigam said. "It's essentially taunting hackers. They'll take it as a challenge, and just start exploiting Apple's user base."

As a result, Nigam suggested it's time for Apple to change it's attitude. Right now, Apple prioritizes the user experience ahead of security. That can backfire.

"Apple has the capability to take charge of this situation now," he said. "If it doesn't, it's risking damage to its reputation for the long haul, a la Microsoft." To top of page

Frontline troops push for solar energy
The U.S. Marines are testing renewable energy technologies like solar to reduce costs and casualties associated with fossil fuels. Play
25 Best Places to find rich singles
Looking for Mr. or Ms. Moneybags? Hunt down the perfect mate in these wealthy cities, which are brimming with unattached professionals. More
Fun festivals: Twins to mustard to pirates!
You'll see double in Twinsburg, Ohio, and Ketchup lovers should beware in Middleton, WI. Here's some of the best and strangest town festivals. Play
Index Last Change % Change
Dow 17,001.22 -38.27 -0.22%
Nasdaq 4,538.55 6.45 0.14%
S&P 500 1,988.40 -3.97 -0.20%
Treasuries 2.40 -0.00 -0.17%
Data as of 3:24pm ET
Company Price Change % Change
Bank of America Corp... 16.13 -0.03 -0.19%
Apple Inc 101.32 0.74 0.74%
Salesforce.com Inc 59.80 4.09 7.34%
General Electric Co 26.15 -0.28 -1.06%
Cisco Systems Inc 24.65 -0.24 -0.96%
Data as of Aug 22

Sections

Name brand American and European conglomerates are feeling the impact from the turmoil in Russia. More

The Coolest Cooler launched a Kickstarter campaign in July and has raised over $9 million so far, the second highest grossing campaign ever. More

The Coolest Cooler launched a Kickstarter campaign in July and has raised over $9 million so far, the second highest grossing campaign ever. More

This month, Delaware became the first state to pass a law giving heirs the right to access the online accounts and assets of someone who has passed away. More

Market indexes are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer Morningstar: © 2014 Morningstar, Inc. All Rights Reserved. Disclaimer The Dow Jones IndexesSM are proprietary to and distributed by Dow Jones & Company, Inc. and have been licensed for use. All content of the Dow Jones IndexesSM © 2014 is proprietary to Dow Jones & Company, Inc. Chicago Mercantile Association. The market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. FactSet Research Systems Inc. 2014. All rights reserved. Most stock quote data provided by BATS.