Companies cannot rely on device-centric security, an expert claimed after a major flaw was uncovered in Apple’s iPhones and iPads.
The tech giant announced a patch for the flaw on Friday, after revealing that iPhones and iPads were all at risk of having their email and other encrypted comms intercepted.
The flaw was caused by a fault in the way Apple implemented communication encryption protocols into iOS6 and iOS7.
It means that if a cyber criminal can access the same WiFi service as an Apple device user, then they could see and alter exchanges between the user and protected sites.
Seth Hallem, the CEO of secure HTML 5 app dev platform Mobile Helix, who also sold his security testing firm Coverity to Synopsys for $375m, said companies must not rely on the likes of Apple to provide security.
"This flaw should act as a wakeup call to corporate," Hallem claimed. "[It] is probably sending hackers and thieves into a frenzy right now.
"They simply can’t go on trusting their security to device vendors such as Apple. There will always be vulnerabilities to operating systems and devices, that’s why it’s imperative that organisations implement data, rather than device centred security."
Apple has recommended all iPhone, iPad and iPod users to install its software patches to fix the flaw.
This article is from the CBROnline archive: some formatting and images may not be present.