What technology gadget maker has made a stronger and more successful run at the corporate enterprise than Apple has in the past few years? None. Thanks to the ubiquity of the iPhone, and Apple’s insistence on a walled garden ecosystem with security at every corner, businesses have adopted iPhones and iPads at unprecedented levels, and Apple rules as the king of mobile devices in the corporate world, far outpacing the obviously less secure Android platform.
Just months ago someone uncovered the so-called Trident/Pegasus malware for iPhones, a set of vulnerabilities and exploits quickly patched by Apple.
Microsoft Brad Anderson:
Trident is a set of 3 vulnerabilities in iOS that can combine in a sequence that allows an attacker to jailbreak and then remotely control an iOS device. It is a brilliantly engineered and unbelievably stealthy attack.
Just how brilliant is this massive exploit? It’s gone commercial.
Governments buy this software on a per-license basis (Lookout notes that the price for Pegasus has been about $8 million for 300 licenses) and it comes complete with 24/7 support and software assurance – it even had volume discounts! If this doesn’t blow your mind a little, just re-read that last paragraph. This is the very scary fruition of something that cyber-security experts have been heavily emphasizing for the last few years: The work behind corporate hacks, online theft, cyber espionage, and cyber-terrorism is a commercial business and not only an underground effort.
In other words, people make money by selling software that can hack into your iPhone. Here’s the dilemma in all this.
I know for a fact that all the providers of mobile operating systems go to superhuman lengths to harden their platforms and do everything they can deliver the most secure operating system possible – but this fact also exists in our modern era of digital threats that produce consistent successful attacks despite the incredible efforts of the organizations building these platforms.
Basically, Anderson is saying that Apple can not secure your iPhone any better than Google can secure Android, which has always been the hotbed of insecurity.
I understand the sentiment, but in a general sense, Microsoft’s Anderson is dead wrong. Why?
iOS 10 was released just a few weeks ago and already more than half of all iPhone and iPad users have upgraded to the latest version. If recent trends continue, by the time iOS 11 comes out next year, more than 90-percent of all iOS users will have upgraded to the latest version.
How does that compare to Android? Android Marshmallow came out about the same time as iOS 9 more than a year ago, but just recently topped 20-percent user penetration. Android Nougat, introduced about the same time as iOS 10 barely shows up on 1-percent of Android smartphones.
What does that tell you? What do you learn from this whole scenario? Google can secure Android as well as Apple continues to secure iPhones and iPads? Absolutely not. Microsoft’s Anderson is dead wrong, and while some iOS users may have their devices compromised, Apple’s ability to upgrade customers to the latest security fixes far outpaces Android.
Oh, by the way, Microsoft makes more money on licenses to Android smartphone makers than it does by selling a Microsoft mobile phone. Surprised? Yes, I was surprised that Microsoft still makes a smartphone.