Consider a new source, Reg
Apparently this "Hyppönen" chap doesn't read the news, or he selectively reads it.
"From the attacker's point of view, it is a hard device to attack, because there is no SDK (software development kit) - it's a closed system,"
Except for the fact that people have already figured out how to develop and run applications on it. And that existing applications, namely the OS, have been reverse-engineered in less than a month, say?
"Finally, some researchers question whether compromising an iPhone would gain anything of value for the attacker."
Well, it can be used as a listening device. I certainly see government-level espionage, def. corporate espionage, in the works with this. If a person uses their iPhone to access bank stuff, it apparently can be monitored just like a PC can with a keylogger.
"The iPhone's restrictions on installing non-Apple software can be seen as a security feature as well, as long as the protections make it difficult to create programs for the phone"
Except if it uses a simple check to verify that it's proper Apple software, then all a programmer has to do is reverse-engineer the legit Apple apps and find the string and inject it into their own programs. Even if Apple uses a grossly ineffective method of checking over the 'net of a program's authenticity, well, that's simple! Redirect the authentication server to a malicious one via editing of the hosts file, and the methods employed there can easily be ascertained by running an Ethereal/ettercap scan and reading the packets.
Come on El Reg, don't get your soundbites from F-Secure. Go back to Sophos. While Graham Cluley doesn't open his mouth much for the soundbites, he at least doesn't sound like a twunt when he does.