I was on national TV tonight (starting 10:12 into the clip), commenting on the recent reports regarding iPhone security flaws. My take on the whole thing is simple:
  1. The risk for an iPhone user to be affected is minimal. The flaw has not yet been found to be exploited.
  2. The security models in both the iPhone and Android phones are strong and protect the user from the most common virus behaviors.
  3. So far, the known security flaws need user action to be harmful; for example, the user has to download a malicious document or install an app that does something malicious.
  4. There are millions of known viruses targeting desktop PCs, and so far not one single iPhone virus outbreak has been reported. That should set the perspective on media reports right now.
That said, it is important to remember the background to these reports. iPhone and Android sales are incredible. Millions of new users come onboard every month. This is an increasingly interesting market for those who intend to harm and destroy. I expect makers of malicious code to someday be successful in setting off the first outbreak, but so far we haven’t seen it.
What you can do to minimize the risk of being affected in the future is:
  1. Don’t download apps that you don’t trust. The app description might say one thing, yet the app secretly does something that you don’t want it to. For example, it might monitor network traffic to pick up credit card numbers and passwords that you use when surfing.
  2. Don’t download documents or execute code from unknown sources.