Apple is the new hacker bulls-eye

By David Goldman, staff writer


NEW YORK (CNNMoney.com) -- When Apple was just a niche maker of Mac computers and only truly popular among college students and graphic designers, hackers paid little attention to the company. Instead, they focused on Microsoft, which had more than a 90% share of the PC operating system market.

Those days are over. Recent iPad security scares are a sign that Apple's devices are a growing target for hackers, spammers and malicious coders.

"Market share is a pretty good indicator of who hackers are going after," said Kevin Haley, director at Symantec Security Response. "Hackers are motivated by money, so they want to get access to the most amount of people."

Hacker group Goatse Security was able to obtain 114,000 iPad 3G users' e-mail addresses and iPad SIM card ID numbers from AT&T's (T, Fortune 500) website last week. The vulnerability was on AT&T's site, but any hit against the iPad dings Apple as well.

And in a blog post, Goatse Security said Monday that a "skilled attacker" could take advantage of a weakness in the iPad's Safari Internet browser to launch a spam attack from a compromised iPad.

"This is a wake-up call for Apple, and it cannot afford to hit the snooze button," said Hemanshu Nigam, founder of SSP Blue, a cybersecurity consulting firm. "The hacker community focuses on companies that are on the top of their games. Apple has gained enough market share that it has caught hackers' attention."

It's not surprising that Apple is becoming a growing target -- it's simply a matter of scale. Cybercriminals try to hack the software that most people use to access the Internet, and increasingly, that software is made by Apple. While Apple's PC market share is still in the single digits, Apple is now the second largest smart phone maker in the United States, behind only BlackBerry maker Research in Motion (RIMM). It has also sold more than 2 million iPads in just two months.

"Any company's device or platform on which lots and lots of people are exchanging or storing data is going to be susceptible to an attack," said Fred Rica, principal security analyst at PricewaterhouseCoopers. "Hackers are beginning to change over to other platforms that hadn't been traditional targets, particularly to mobile."

Response is critical

As Apple (AAPL, Fortune 500) products become higher-profile targets, its response is going to be tested. The company's stance on security has long been "don't worry about it." For instance, on its website Apple says simply, "Mac OS X doesn't get PC viruses." The iPhone and iPad websites don't even mention security.

Apple claims that the Unix framework that its Mac operating system is built on is inherently safer than Windows. The truth is that Mac OS has as many vulnerabilities as Windows, according to Nigam -- Apple patches its products just as often as Microsoft (MSFT, Fortune 500) does.

In the past, Apple has responded quietly when vulnerabilities are exposed, patching products through automatic updates with no announcement. The company's famous "Get a Mac" ads say Microsoft's constant security updates and alerts interfere with users' ability to do work on their computers. Ironically, Apple's Safari browser's lack of security alerts is one of the factors contributing to the security hole in the iPad, according to Goatse Security.

Apple did not respond to requests for comment.

"Suggesting Apple doesn't get viruses gives its users a completely false sense of security," Nigam said. "It's essentially taunting hackers. They'll take it as a challenge, and just start exploiting Apple's user base."

As a result, Nigam suggested it's time for Apple to change its attitude. Right now, Apple prioritizes the user experience ahead of security. That can backfire.

"Apple has the capability to take charge of this situation now," he said. "If it doesn't, it's risking damage to its reputation for the long haul, a la Microsoft."
