The Biggest Threat to Apple

It's Apple week! We're examining the world's largest tech company from all angles. Stay tuned to Fool.com all week for full coverage.

Raise your hand if "lack of viruses or other digital threats" is one of the reasons you bought a Mac. Whoa. That's a lot of you.

I understand why. Windows is reputedly more vulnerable than a two-day-old kitten. Apple (Nasdaq: AAPL  ) has made a good living by selling Macs as not only user-friendly, but also more secure than their PC counterparts.

That job is about to get harder, which poses a huge threat to Apple and its shareholders.

The Web theory of everything
Networks are the problem. Connect any two devices over a network, or enable a device to others on a network, and holes get created. Hackers know this. They use skills and tools probe along network walls, like a prisoner looking for a low clearing along a fence line. Leave a hole, and they'll crawl through.

Web businesses often seem to be most vulnerable to these sorts of attacks. Last year, hackers called the Iranian Cyber Army hacked Twitter, and then in January breached Baidu (Nasdaq: BIDU  ) . In 2008, a different band of digital rogues broke through Comcast's (Nasdaq: CMCSA  ) subscriber site. All three businesses are probably more secure today, after patching the holes hackers exploited.

If only we could say the same about Apple.

iSecurity, inching along
Earlier this month, a hole in AT&T's (NYSE: T  ) account-activation procedures for the iPad exposed more than 100,000 email addresses. Today, Gizmodo is reporting that a botched fraud update exposes the personal data of users attempting to upgrade to iPhone 4.

This is a massive problem for Apple. Macs aren't what make the company anymore; iDevices are the growth engine, the future, the raison d'etre for the $246 billion in market cap Apple commands.

Just look at today's action: On a down day for Mr. Market, shares of Apple are up more than 1% on news that users have already ordered more than 600,000 iPhone 4 handsets. Cult of Mac, meet the iEmpire.

Optimists will blame AT&T for these breaches. They're not wrong. But it's wishful thinking at best to believe that Ms. Bell's loophole-closing will solve the issue. It won't, because it can't. Fail-safe systems don't exist in computing.

Once more, consider recent history. A security expert found in routine tests that a powered-off iPhone could be cracked if connected to a PC running the latest version of Ubuntu Linux, even if the device was also password-protected. That's not an AT&T problem, Fool. That's a software flaw. If today's breaches become tomorrow's fond remember-whens, look out below.

A failure of succeeding
Apple's transformation has accelerated with the release of the iPhone and the iPad. Once lucky to move a few million desktops and laptops annually, CEO Steve Jobs is positioning his company to manufacture and sell tens of millions of iProducts each year, building on the more than 52 million iPhones and iPads already out in the wild.

But speed also has a downside. Move too fast, and Apple will leave holes for hackers to exploit, such as the recently discovered Ubuntu iPhone vulnerability.

And let's not forget that there are alternatives to what Apple sells. Should hackers expose iProducts as materially less secure than Research In Motion's (Nasdaq: RIMM  ) BlackBerry, Motorola's (NYSE: MOT  ) Android handsets, or Dell's (Nasdaq: DELL  ) Streak among tablets, Apple's shares would take a hit, as these competitors benefited from the Mac maker's misfortune.

Remember, these are new markets. Apple is a leader now, but its leadership is based entirely on design and perceived performance. There's no incumbent edge; the installed base is too new, with each week bringing new tectonic shifts.

Apple's success is its problem. The more Macs and iProducts there are in the wild, the more hackers will concentrate on them. After all, Apple's machines will be the ones with the data the hackers want.

Here's hoping Apple proves as good on defense as it has been on offense. Shareholder returns depend on it.

Related Foolishness:

When will Apple suffer its next breach? Are security concerns overblown? Discuss in the comments box below.

Apple is a Motley Fool Stock Advisor selection. Baidu is a Motley Fool Rule Breakers recommendation. Try any of our Foolish newsletter services free for 30 days.

Fool contributor Tim Beyers is a member of the Rule Breakers stock-picking team. He had stock and options positions in Apple at the time of publication. Check out Tim's portfolio holdings and Foolish writings, or connect with him on Twitter as @milehighfool. The Motley Fool is also on Twitter as @TheMotleyFool. The Fool's disclosure policy started its career as a motivational speaker, but has never lived in a van down by the river.


Read/Post Comments (9) | Recommend This Article (25)

Comments from our Foolish Readers

Help us keep this a respectfully Foolish area! This is a place for our readers to discuss, debate, and learn more about the Foolish investing topic you read about above. Help us keep it clean and safe. If you believe a comment is abusive or otherwise violates our Fool's Rules, please report it via the Report this Comment Report this Comment icon found on every comment.

  • Report this Comment On June 17, 2010, at 4:57 PM, vicweast wrote:

    You do not understand IT security. You made several either wrong or misleading comments ("networks are the problem", "A security expert found in routine tests that a powered-off iPhone could be cracked if connected to a PC running the latest version of Ubuntu Linux, even if the device was also password-protected. That's not an AT&T problem, Fool. That's a software flaw.")

    These statements are the worst of what you got wrong about security. 1st, the problem isn't confined to networks, the problem is far more complex than that -- and to complicate matters, the threat surface changes on a regular basis. 2nd, if I have physical access to any computing device chances are I can get into to it.

    As far as Apple's revenue goes, see http://treffis.com ( https://www.trefis.com/company#/AAPL?from=list ) for a nice pictorial (mouseable) graph. About 48% of Apple's current revenue is iPhone, but if what we saw with iPod and iTunes is any indication of future performance: iPhone sales to non-Apple computer users will seed more converts to switch to Macs. What Apple has is a self reinforcing ecosystem of products and services. (Hello Cloud-Based Apple Apps...).

    Your closing statement ("The more Macs and iProducts there are in the wild, the more hackers will concentrate on them") is naive as far as understanding what the real story is. Volume does NOT translate to opportunity that clearly. More enlightened security engineers use Macs because there is a real security edge. The platform for iPhone is a derivative of the Mac OS Unix-based system. While some OSs have demonstrable security advantages (long and debatable history, but I am largely correct here) no software should be expected to be free of exploitable flaws at some point... The real question is: Given what we know of past vulnerabilities for specific platforms, which one do you pick in order to place the better bet? I pick Apple's versus Microsoft's.

  • Report this Comment On June 17, 2010, at 5:34 PM, DefunctAcct wrote:

    The "Ubuntu Boot-Up iPhone Hack" mentioned in this post is sadly lacking in useful details. It serves only to "frighten" rather than to inform.

    This iPhone hack can only happen after an iPhone was shut down in an "UNLOCKED" state. This was reported by Hector Martin and developers of the Linux packages, "usbmuxd" and "libimobiledevice".

    What does that mean to a normal iPhone user?

    If you set up

    1. a password lock on your iphone;

    2. the phone automatically lock after a few minutes of disuse;

    then the above described exploit is impossible.

    If you do not set up

    1. a password lock to protect your iphone;

    2. the phone to automatically lock after a few minutes of disuse;

    then this exploit is possible.

    So if a user chooses to not set up a password-lock or to not set up an automatic lock after some period of disuse, then that user's phone is subject to exploit if stolen. This is no different than someone who decides to not use any password protection on his or her PC at home or in the office. No password, no automatic lock-down and anyone and everyone can access your machine.

    I understand the intention of the article but the author clearly did not do sufficient in-depth research and provided a very weak example.

    No software is 100% hack-proof because if a user willingly or unwittingly open up a hole for hacking, then all bets are off. As another poster has written earlier, there are different levels of exploits. Some require user cooperations and some do not. Smart users who take proper precaution on Windows often do not have virus problems. Same goes for UNIX and Mac OS/X.

  • Report this Comment On June 17, 2010, at 9:34 PM, SimonJester753 wrote:

    Bottom line- Apple products are no more vulnerable, (and most likely less vulnerable), than Microsoft and other competitors products.

    But Apple still has the cool factor, based on the most user-friendly software – that's what makes a gizmo cool... being able to use it easily.

    I don't see them loosing that any time soon.

  • Report this Comment On June 17, 2010, at 11:53 PM, gregmrobb wrote:

    Not a big problem.

    Mac OS is not an easy hack. Apple has a whole lot of money and engineers on the problem(s). They have a culture of excellence and safety, bar none.

    If you feel it's a big problem, turn on File Vault and store your important stuff in a safe, really...

  • Report this Comment On June 18, 2010, at 1:37 PM, INoFoolin wrote:

    This article has no relevance to investing. The author does not understand Apple hardware, operating systems, networks, or security. If you have all Apple products you are OK. If ATT has a security breach it is not Apple's fault. If you are using Ubuntu Linux (not sold or supported by APPL) you are obviously a geek and should be aware of the risks.

  • Report this Comment On June 18, 2010, at 5:50 PM, daveshouston wrote:

    Well let's see now. I've owned as many as 120 Macs in my business and have been using Macs since 1990.

    My experience with Windows PCs is much more limited. I've only used one that was loaned to me for a one week period while vacationing in Italy two years ago.

    And my one and only experience with malware attacks was during that week in Italy.

    Game, set, match -- argument over.

  • Report this Comment On June 25, 2010, at 3:04 PM, colinnwn wrote:

    @INoFoolin

    Apparently you don't have a good understanding of OSes networks or security either.

    "If you have all Apple products you are OK."

    Not true.

    "If ATT has a security breach it is not Apple's fault."

    Not their fault, but it is their problem, as AT&T is the only authorized iPhone network in the US.

    "If you are using Ubuntu Linux (not sold or supported by APPL) you are obviously a geek and should be aware of the risks."

    Irrelevant. If you own an iPhone appropriately password protected, any thief who stole your phone could access data on it by turning it off, plugging it into a Linux computer, and turning it back on. This is a monumental fail on Apple's part.

  • Report this Comment On June 26, 2010, at 1:34 AM, jomueller1 wrote:

    I must be missing something. What data would I have on my phone besides contacts and appointments?

    My e-mail is vulnerable because it is net based, my financial data is vulnerable because it is net based. The companies using the net for business (their own and their client's) do not offer much in the arena of security. Some financial companies even limit the passwords to eight characters.

    The Europeans are ahead though not perfect. For banks transactions I need transaction numbers that only I know if I follow the rules. So even if someone finds out my password and the transaction number he/she cannot use my account because the transaction number expires after one use. Not using an all revealing Social Security number the Europeans avoid also much of the identity theft problem.

    The infrastructure in the US is geared to much towards cheap. On top of that most programmers are sloppy or inept or under to much pressure to meet deadlines. To bad that the customers pay dearly for these shortcomings.

  • Report this Comment On June 28, 2010, at 12:08 PM, SoFlaBum wrote:

    It's quite possible credit card information is either on the phone or sent from the phone. There are alot of apps for buying product. Bank of America also uses a system similarly to the Europeans. For several types of transactions (such as transferring money), a transaction code is sent via text message to my iphone. I then have a certain amount of time (i think it's a couple of minutes) to use the code and it is only good for that transaction.

    Security is always a concern with any company that markets products connected to or with the internet.

    That being said, Apple's OS system is inherently more secure than Windows. A good case study on this is Google. After their systems were hacked in China, the corporate standard for new workstations is now either Unix or Mac. Purchase of any Windows based system requires very high approval from within the organization.

    On the phone side, the two OS systems that are growing are Android and iOS (the iphone). Both are Unix based. However, I think one point that has to be considered is that Apple currently vets all apps before putting them on the store and puts more restrictions on developers to insure apps operate within acceptable boundaries. Neither Google nor Microsoft do this.

    None of this means the Apple system is perfect and can't be compromised, but relative to the competition, I think they're in a good position.

Add your comment.

Sponsored Links

Leaked: Apple's Next Smart Device
(Warning, it may shock you)
The secret is out... experts are predicting 458 million of these types of devices will be sold per year. 1 hyper-growth company stands to rake in maximum profit - and it's NOT Apple. Show me Apple's new smart gizmo!

DocumentId: 1211820, ~/Articles/ArticleHandler.aspx, 11/26/2014 6:44:49 AM

Report This Comment

Use this area to report a comment that you believe is in violation of the community guidelines. Our team will review the entry and take any appropriate action.

Sending report...

Apple's next smart device (warning, it may shock you

Apple recently recruited a secret-development "dream team" to guarantee its newest smart device was kept hidden from the public for as long as possible. But the secret is out. In fact, ABI Research predicts 485 million of this type of device will be sold per year. But one small company makes Apple's gadget possible. And its stock price has nearly unlimited room to run for early-in-the-know investors. To be one of them, and see Apple's newest smart gizmo, just click here!


Advertisement