Bruising the Apple


Cyber criminals may be eying up Apple as a juicy target for all kinds of cyber attacks. But the responsibility is not just on the company

It has been an ingenious assumption that Apple computers are immune to viruses and other damaging malicious software. Many mistakingly thought that it was only Windows and Linux systems which could be exposed to such harm. To remain believing such a myth would be rather ignorant, everyone is subject to cyber threats and attacks, even the elusive tech giant that is Apple.

Symantec, a software company, have produced a report which warns that Apple products will provide a juicy target for cybercriminals as they recognise their growing popularity as they spread into numerous markets across the globe. IDC, a market research firm, says that the company now accounts for 13.5% of global smartphone shipments and 7.5% of global PC shipments.While this may provide the most valuable company in the world with more dominance and profit, it also has provided the company with an important responsibility.

Being a tech company or any company dealing with lots of personal data such as payment card information, passwords and other sensitive information, now comes with the challenge of protecting that information from the many malicious actors which exist online. This challenge is perhaps now greatest for Apple.

Already it has seen a number of cyber threats tormenting its users and devices. Even IOS, which is arguably less vulnerable than other operating systems, is not immune. Apple’s robust systems for accepting apps into its App Store from software developers means most of those suspicious apps containing malicious software or exposing any potential vulnerabilities in the OS are filtered out from the start. Moreover, with API’s not being made available, few vulnerabilities exist in the IOS platform. Yet it is still not completely invulnerable. Earlier this year in September, the App Store in China was infected with XcodeGhost malware, in which hackers created bogus IOS building apps to steal data and send it servers under their control. In addition to this, earlier this year vulnerabilities within Macs allowed hackers to enter without detection and thus allowing them to spy without being noticed. The flaw here was with its BIOS (basic input/output system) which is what gets the computer system started when the machine is turned on. When the Mac wakes up from sleep mode, it allowed direct access to the BIOS which allowed a hacker to tamper with the code easily. Fortunately, the flaw was found by a curious researcher who informed Apple as soon as the flaw was identified, though in the future, such generosity will be in short supply.

On High Alert

What has Apple done so far to prepare for more breaches and attacks? Quite a bit, is the answer. Apple’s cyber security has always been fairly tight despite its platform not always being a main target for cybercriminals. It has certainly reassured its consumers that their data will be safe in their hands, and has done so by dedicating a section on its website detailing its privacy policy, government requests and other related information. By clearly laying out the agenda, the company takes a necessary step in coping with the dangers of cyber. This transparency allows the company to develop a strong and trusting relationship between itself and its consumers. This serves to then further its already robust brand loyalty which enables the businesses to accumulate a lot of success with its various products.

Furthermore, Apple’s commitment to stronger encryption also does well to reassure consumers that their data is sufficiently protected from the vicious hand of hackers. Although this commitment, which involves the company implementing cryptography which is so strong that even the company itself cannot break it (as they revealed to a US court earlier this year), comes with a conflict of interest. Favouring stronger encryption results in the absence of backdoor access for law enforcement or the government to achieve better national security and obstruct and eliminate the activity of criminals. Despite the inconvenience for political leaders and regulators, encryption is a necessary evil, simply because government data collection programs cannot adequately guarantee that the masses of data being collected can be properly protected against unwanted third parties, including hackers, and in addition, remain legally controversial. It is therefore necessary that Apple incorporates strong encryption better protect consumer data, even it means the government cannot keep a closer eye on them.

Overall, becoming a big potential for attacks means that the company has to be on constant high alert. Attacks can come from anywhere, at any time, and can come in various forms. Even Apple employees, particularly the ones working specifically its products and services, need to keep a close eye for any vulnerabilities. Though this should not just apply to products, but also and perhaps more critically, the human being. This provides the easiest loophole for hackers to penetrate, as the use of social engineering to deceive and manipulate is quickly becoming one of the most common methods hackers use to exploit computer networks and steal or corrupt data.

Sharing the Burden

It is important to note that it is not just down to Apple to prepare for possible cyber attacks. Consumers too can also do their part. Weak passwords, whether they are too short or too simple, they provide another easy way in. Numerous researchers have identified the most common passwords amongst internet users to be 123456 or password, which very worryingly makes it far too easy for hackers to get through. The introduction of Touch ID (a fingerprint-reading mechanism of which selected devices feature) has helped consumers use an easily accessible password which hackers cannot exactly steal, which is their fingerprint. However using more complex and less predictable passwords and changing them frequently is still a necessary practice. The main problem is that consumers find this a very tedious process. Slacking efforts to ensure sufficient security from a users standpoint also, in a way, acts as another branch to the responsibility tree for Apple.

Encouraging two-step authentication is one solution, or even making users change their passwords every 6 months or so may prove even better. Either way, Apple is going to be one of the major targets for hackers and malicious online actors. A poll conducted by technical risk insurer Hartford Steam Boiler Inspection and Insurance company earlier this year showed that around 70% of all businesses experienced a hack in the last year. Its inevitable it will happen, but can Apple cope? Most likely, it seems.