Hackers Jail Break Apple's Security Image

Last Updated Jun 15, 2010 8:00 PM EDT

In the Mac versus Windows operating systems wars, Apple (AAPL) aficionados often argue that their systems are more secure than anything available from Microsoft (MSFT). However, in a connected world, there's no such thing as an island. The minute AT&T (T) exposed 114,000 iPad owners to hacking, Apple should have seen that when your partner blows it, so did you. Then again, Apple has been lax about mobile security itself, compounding the issue.

That underscores a lesson for managers, which is that customers can and will often blame you for what your business partners are doing -- such as the way Facebook's application partners are hosting individually-targeted online ads that look like they're getting personal information from Facebook even though they're not. In this case, of course, Apple also has to deal with the fact that it enjoyed an undeserved reputation for resilience to malware -- largely because hackers long ignored Macs in favor of targeting the much greater number of Windows machines.

These days, however, several signs that Apple mobile products and services are potential targets for hacking. And since Apple's biggest product of the moment, the iPhone, is tied to AT&T (T) in the U.S., that puts Apple on the hook for AT&T's failures in the mind of the buying public. After all, consumers here have no other choice.

AT&T, of course, tried to blame the security experts/hackers -- who call themselves Goatse Security -- that rubbed its corporate nose in the problem, but the response was immature. It was like a homeowner who complains about the burglars that walked through the unlocked door. What did you expect? More important, what does Apple expect from its joined-at-the-hip partner?

It's another example of tech companies that hide from security problems. It only led to the group lambasting both AT&T and Apple:

AT&T had plenty of time to inform the public before our disclosure. It was not done. Post-patch, disclosure should be immediate -â€" within the hour. Days afterward is not acceptable. It is theoretically possible that in the span of a day (particularly after a hole was closed) that a criminal organization might decide to use an old dataset to exploit users before the users could be enlightened about the vulnerability.
It's bad enough for Apple's users to find themselves exposed to security issues via AT&T, yet the problems don't stop there. Apple has yet to patch the mobile version of its Safari browser on iPhones and iPads, which still exhibits a serious security flaw that Goatse first publicly noted on March 23. That flaw could allow hackers to hijack an iPad.

Given the tens of millions of mobile devices it has shipped, Apple has become a viable hacking target -- worse, one that doesn't rush to fix problems that others point out. When the race for mobile customers is as heated as it is now, this type of inattention is dangerous.


Image: Flickr user Dirk Hartung, CC 2.0.
  • Erik Sherman On Twitter» On Facebook»

    Erik Sherman is a widely published writer and editor who also does select ghosting and corporate work. The views expressed in this column belong to Sherman and do not represent the views of CBS Interactive. Follow him on Twitter at @ErikSherman or on Facebook.