Investor's Business Daily, June 6th, 2007
One downside to developing a successful electronics product such as the Apple iPod is that it often becomes a bull's-eye that hackers try to hit.
"Hackers have big egos and their main goal is to get their work into the newspaper," said Peter Lindstrom, an analyst at market research firm the Burton Group.
Newspapers are attracted by firsts, and in April security supplier Kaspersky Lab discovered the first virus designed to infect Apple's AAPL iPod portable media players. The virus, named Podloso, was more of a proof-of-concept program than malware, or malicious software, designed to bounce rapidly from device to device.
While it caused little damage, Podloso's emergence signaled to users to be on guard.
Hackers are drawn to popular platforms that can potentially cause a lot of damage. Thus, the iPod.
"Apple did a great job in positioning its product as something intriguing to both the young and the old," said Dale Gilliam, an analyst at market research firm the Diffusion Group (private).
Nearly half of iPod's customers are older than 35. The Diffusion Group expects U.S. iPod unit shipments will more than double to 68 million in 2010 from 29 million last year.
The iPod presents a taxing challenge for hackers, which some say could motivate such folks. The device is largely a closed system, meaning there are no interfaces that can be used as entry points. It also has a relatively simple design.
And the iPod is usually used as a separate, handheld device. It's not usually connected to computer networks. Of course, it does connect to PCs and the Internet when users download songs or videos from Apple's iTunes online store.
Podloso got through these hurdles, but just on iPods running on the Linux operating system. Apple recalled the infected devices. Once launched, the virus infects all files in the fairly common .elf format. Any attempt to remove the malware would cause the virus to display a message that said: "You are infected with Oslo the first iPod Linux Virus".
Few iPods, however, run on Linux, the open-source operating system most used on server computers. And because of the iPod's simple design and limited networking, Podloso didn't include a "payload," which is essentially the directions to spread from one device to another.
There's been at least one other instance of malware showing up on iPods, but that problem stemmed from the design of Microsoft's MSFT Windows operating system rather than the iPod. In September 2006, Apple discovered that about 1% of its iPods Video systems -- which The Diffusion Group say account for 21% of the overall iPods sold -- were shipped carrying the Windows RavMonE.exe virus. This virus does not affect the iPod or any data on it, but it does have a payload that could corrupt data in Windows PCs to which an infected iPod is connected.
But RavMonE.exe is well known malware, and vendors have sent out plenty of patching software to eradicate this problem. And it was shipped on only a small number of iPod Video systems, so it did little damage.
The iPod is not the only MP3 digital music or video player that has been attacked by hackers. In August 2006, McDonald's ran a promotion where it sent MP3 players to 10,000 customers in Japan. But if users connected the music players to their computers, then the worm WORM_QQPASS.ADH could infect their computers and possibly steal their personal data. The worm spread from the MP3 player to other removable drives on computers running Windows. If the malware found the QQ Instant Messenger application, it attempted to steal account log-in information and other chat details. The malware even attempted to disable anti-virus applications. McDonald's recalled and replaced the infected devices.
The McDonald's incident served as another warning shot.
"It usually takes a while before the hackers make inroads against new systems," said Rich Mogull, an analyst with research firm Gartner. "The first inklings of viruses for mobile phones appeared in the summer of 2004, but it took two years before there was a significant number of them."
Analysts, alas, expect a similar scenario to unfold with iPods.
"There are hackers who are now spending their days taking on the challenge of writing malware for the iPod," said Burton Group's Lindstrom.
Users must be on guard, analysts warn.
"Even today after decades of publicity, a number of high-profile cases and a great deal of education by vendors, many users do not seem to understand the basic concepts of PC security," said Diffusion's Gilliam.
