Apple Falls Short in Protecting iPhone Data


The Apple iPhone has more or less revolutionized the mobile phone and captured a significant portion of the consumer mobile phone market. Enterprises have been slower to embrace the iPhone because it has lacked some of the basic enterprise functionality and security features found in more mature and accepted enterprise mobile platforms such as Windows Mobile or BlackBerry phones.

With the iPhone 3G, and the subsequent iPhone 3GS, Apple has taken steps to address these deficiencies and make some progress in capturing the enterprise market as well. One thing it has done to improve enterprise adoption is to add encryption to protect data. Any iPhone with iPhone OS 3.0 or higher, in combination with iTunes 8.2 or higher, is capable of performing encrypted backups of the iPhone data. With the iPhone 3G, Apple also added hardware-based encryption to the phone itself.

As Jonathan Zdziarski discusses and demonstrates in his article on Ars Technica, circumventing either of these measures is trivial, so neither provides any real protection for the data on the iPhone. Common jailbreak tools such as purplera1n and redsn0w can be used to create an unencrypted backup which can be scoured for sensitive or confidential information.

For the hardware-based data encryption, Zdziarski points out that the same jailbreak utilities can be used to access the data. In addition, simply removing the SIM card from the iPhone disables any ability for the AT&T network to communicate with the phone. That means that features such as wiping the data remotely, or the ‘Find my iPhone’ tracking tool, will no longer work because the network cannot locate or communicate with the phone. With the SIM card removed, the attacker will have virtually endless time to work with the phone and bypass any security controls.

The iPhone is cool. It has neat bells and whistles. For almost anything you can think of “there’s an App for that”. But, when it comes to providing enterprise-grade tools for central management and policy control over the mobile phones, or the ability to encrypt and protect the data on the iPhone, there is no App for that. The iPhone is not ready for enterprise primetime.
