Expert sees security issues with the iPad
Security expert says things like strong encryption and an access control feature are missing from Apple's new iPad tablet device.
Apple's new iPad device looks like it will have some of the same security issues that affect the iPhone, such as weak encryption, a mobile security expert said on Thursday.
For one, if the iPad employs encryption the same way the iPhone does, sensitive personal data, including phone numbers and e-mail addresses, could be retrieved and viewed, says Daniel Hoffman, chief technology officer at SMobile Systems, which sells mobile security software.
"The problem with the iPhone security encryption is it is fundamentally worthless," he said. "It can be easily bypassed."
Hoffman is not alone in making that assessment.
Secondly, if iPad users get their apps from the Apps Store, they are at risk of getting the occasional bad apple, Hoffman said, noting that there have been malicious apps found in the store.
In addition, the device is subject to man-in-the-middle attacks like any other device that uses unsecured Wi-Fi networks is, he said. SMobile is developing a tool to protect against such attacks, in which someone is able to intercept Internet traffic mobile devices send over Wi-Fi networks and inject new messages while masquerading as a legitimate party in the communication.
The iPad also should have management capabilities, like the option of using a PIN or passcode, and remote lock or wipe in case of loss or theft, he said. The iPhone offers a service to help locate lost devices and provide remote wipe, but it's pricey at about $100 per year.
"Until it's officially released, we just won't know on some of these things," Hoffman said. "I would hope it would have remote wipe capabilities. People do mobile banking and store sensitive information and they want it protected."
An Apple spokesperson did not respond to an e-mail seeking comment on Hoffman's concerns.