Earlier this week Apple had the kickoff of their Worldwide Developers Conference (WWDC), which is always interesting to watch where they highlight what new features will be coming out in their operating systems, and new tools they have created for developers to continue to make more apps. This year, the themes were device integration, collaboration, and extensibility. All things that make a security guy cringe.
Apple is moving to more collaboration among their devices, and extensibility to allow apps to interact with each other, whereas they were sandboxed before. New enhancements will enable collaboration among your family members to share photos, music, apps, and calendars seamlessly. They also announced their platform, Healthkit for health monitoring on the mobile device. Folks with fitness monitoring wearables can send activity information that is calculated into metrics about current and trending health information. And this can be shared with your doctor, or notify your hospital when one of your vital signs goes out of bounds. Further, they announced HomeKit, which will let you interact with your home thermostat, locks, garage door and other items to really embrace the Internet of Things (IoT). These features will bring great convenience to users, and better information sharing among needed parties (including devices and apps). But of course, it works best when you have an infrastructure that is completely Apple.
It’s not unique to Apple; Google and Microsoft are walking down the same path as well, where all our personal devices are seamlessly connected with each other and with IoT devices around us. Not saying it’s all a bad thing, just something that now will increase the surface area for unauthorized access and corruption of one device could cascade to others based on trust relationship. What if a bad guy gets access to a device, he gets not only your data, but access to your iPad and Mac(s), your home and your health informaion, plus the pictures and calendars of your family members too. Yes, your iPhone can be protected with your fingerprint reader, (which now also can be used for 3rd party apps), but the importance of your devices has just gone way up. Therefore the impact of its loss, corruption, or unauthorized access has skyrocketed. Your privacy is now being protected by how well you have managed security of your mobile devices. With all risk management, knowing the risks, and what you can do to reduce them is the first step. I hope folks understand that their mobile device risk is about to increase, just due to evolution.
– Rick Doten, DMI Chief Information Security Officer (CISO)