Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Hardware - Troubleshooting and Discussion > iPhone, iPad & iPod > iPhone insecure?

iPhone insecure?
Thread Tools
icruise
Moderator Emeritus
Join Date: Nov 2000
Location: Illinois
Status: Offline
Reply With Quote
Jun 23, 2007, 11:29 AM
 
A lot of "analysts" have been badmouthing the iPhone recently, as this article I found via Google News demonstrates. Here is an excerpt:

Andrew Storms, director of security operations at network security firm nCircle, who called the iPhone a "security nightmare" in a recent post, has gone so far as to post a list of security-related questions that he wants Apple to address in a public forum before organizations "reel this new gadget into" their security policies. To wit:

Is data encrypted while in transit?
Is data encrypted on the device?
Is data encrypted on removable memory?
Is data removed if the device hasn't checked in centrally, hasn't received a policy update within a time window or if battery power is too low?
Is there S/MIME support?
Is there PGP support?
Are there electromagnetic analysis countermeasures?
Are there DRM applications (ability to read, but not forward data)?
Is there user authentication by means of password, passphrase or smart card?
Does the device automatically lock and require authentication to unlock?
Are the encryption keys stored on the devices, and are they also encrypted?
Do the network devices have firewalls?
Are the network interfaces disabled by default, and does the user have the ability to disable at will?
Is there the ability to remotely lock and disable the device?
Is there the ability to remotely wipe and back up data?
Is there the ability to centrally develop and enforce policy settings?
Is there centralized reporting of all device events—calls made, data transferred and usage statistics?
Most of these items seem made up to make the iPhone look bad, and don't even have any relevance to the actual iPhone. Does he actually think that the iPhone might have a feature whereby data is automatically deleted if it isn't checked in? "Is data encrypted on removable memory?" Hmm, if the iPhone had removable memory, that might be a reasonable question to ask.

The article closes with this gem:
Gartner plans to recommend that businesses don't allow iPhones to come onto their premises.
What I don't understand is what makes the iPhone so different from other phones with similar features. Are we to believe that every other phone has the above security precautions in place? I'm getting reminded of all of those stories about how "iPods" were insecure and could lead to data theft, when in fact any kind of portable hard disk or USB drive could be used in the same way. What do you guys think. Is the iPhone really less secure than other smartphones?
     
chabig
Addicted to MacNN
Join Date: Jun 1999
Location: Las Vegas, NV, USA
Status: Offline
Reply With Quote
Jun 23, 2007, 11:34 AM
 
Originally Posted by icruise View Post
What I don't understand is what makes the iPhone so different from other phones...
The only difference is that this is a great phone people will want, and it frightens Apple's competitors. Nothing more.
     
msuper69
Professional Poster
Join Date: Jan 2000
Location: Columbus, OH
Status: Offline
Reply With Quote
Jun 23, 2007, 12:04 PM
 
You left out a word. As chabig mentioned: "iPhone Competitors insecure."
     
icruise  (op)
Moderator Emeritus
Join Date: Nov 2000
Location: Illinois
Status: Offline
Reply With Quote
Jun 23, 2007, 12:21 PM
 
There may be something to that, but I think it's also that IT departments are worried about the iPhone making extra work for them.
     
chabig
Addicted to MacNN
Join Date: Jun 1999
Location: Las Vegas, NV, USA
Status: Offline
Reply With Quote
Jun 23, 2007, 12:44 PM
 
Originally Posted by icruise View Post
There may be something to that, but I think it's also that IT departments are worried about the iPhone making extra work for them.
Of course. Employees exist to serve IT, not the other way around.
     
stevesnj
Mac Elite
Join Date: Apr 2003
Location: Southern, NJ (near Philly YO!)
Status: Offline
Reply With Quote
Jun 23, 2007, 01:45 PM
 
Does the device automatically lock and require authentication to unlock?
I would like to see this most of all...it might be there though, im sure all the security options are yet to be known.
MacBook Pro 15" i7 ~ Snow Leopard ~ iPhone 4 - 16Gb
     
icruise  (op)
Moderator Emeritus
Join Date: Nov 2000
Location: Illinois
Status: Offline
Reply With Quote
Jun 23, 2007, 02:03 PM
 
Seems unlikely that it wouldn't have such a feature, since the iPod does.
     
osiris
Addicted to MacNN
Join Date: Sep 2000
Location: Isle of Manhattan
Status: Offline
Reply With Quote
Jun 23, 2007, 05:19 PM
 
Originally Posted by msuper69 View Post
You left out a word. As chabig mentioned: "iPhone Competitors insecure."
You're not kidding. But with so little information available, I suppose the MS IT fanboys need something to write about.
"Faster, faster! 'Till the thrill of speed overcomes the fear of death." - HST
     
mduell
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
Status: Offline
Reply With Quote
Jun 23, 2007, 06:21 PM
 
Originally Posted by icruise View Post
What I don't understand is what makes the iPhone so different from other phones with similar features. Are we to believe that every other phone has the above security precautions in place? I'm getting reminded of all of those stories about how "iPods" were insecure and could lead to data theft, when in fact any kind of portable hard disk or USB drive could be used in the same way. What do you guys think. Is the iPhone really less secure than other smartphones?
The iPhone has a camera; most Blackberries and other business smartphones don't.
Every employer that I've worked for had a cameraphone ban.
     
icruise  (op)
Moderator Emeritus
Join Date: Nov 2000
Location: Illinois
Status: Offline
Reply With Quote
Jun 23, 2007, 06:55 PM
 
That may be the case (and I have heard that for people who work for the government, for example), but I haven't heard anyone in these articles mention that as the reason it is "insecure" (maybe a passing comment at best).

Now it is certainly true (or at least I would imagine that it is true) that the iPhone doesn't have some features that companies might want if they were, say, equipping their sales force with thousands of iPhones. But at $499-$599 apiece, that doesn't seem likely. We're talking about people buying them on their own dime and using them in the company. And I don't see what's so different about the iPhone and other smartphones or regular phones that should cause it to be singled out in the way that it has.
( Last edited by icruise; Jun 23, 2007 at 07:09 PM. )
     
JKT
Professional Poster
Join Date: Jan 2002
Location: London, UK
Status: Offline
Reply With Quote
Jun 23, 2007, 07:15 PM
 
Originally Posted by icruise View Post
Seems unlikely that it wouldn't have such a feature, since the iPod does.
If it does, I sincerely hope it isn't implemented as terribly on the iPhone as it is on the iPod (click, click, click, click, followed by stupid long pause to lock the device when it should just be automatic once it goes to sleep or the physical lock is put on).
( Last edited by JKT; Jun 23, 2007 at 07:23 PM. )
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Jun 23, 2007, 09:39 PM
 
At least a significant percentage of these features are indeed necessary, particularly if the iPhone is to be used to transfer sensitive data, but even regardless. These are worthwhile questions that Apple should answer, especially if they want the iPhone to be used as more than simply a toy for people with too much money on their hands to send their friends smiley faces.

This is not a question of Mac vs. Windows, this is just good security - period.

The iPhone's competition may or may not have these features, I have no idea, but that doesn't make these issues any less worthwhile or important, especially since Apple seems intent on marketing this product like they did the iPod and selling iPhones by the boatload.

My opinion.
     
icruise  (op)
Moderator Emeritus
Join Date: Nov 2000
Location: Illinois
Status: Offline
Reply With Quote
Jun 24, 2007, 02:07 AM
 
Originally Posted by icruise View Post
There may be something to that, but I think it's also that IT departments are worried about the iPhone making extra work for them.
I take it back. IT departments are worried that the iPhone will be so easy to use that they will no longer be needed.

The iPhone's competition may or may not have these features, I have no idea, but that doesn't make these issues any less worthwhile or important,
If companies are already allowing (for example) Palm devices to be used and if (hypothetically) they don't have most of these features, why should the iPhone be held to a higher standard? That's not to say that some of these issues aren't worthy of consideration, but banning the iPhone because it doesn't support them, when other allowed devices also don't support them smacks of xenophobia toward Apple products.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Jun 24, 2007, 12:37 PM
 
Originally Posted by icruise View Post
I take it back. IT departments are worried that the iPhone will be so easy to use that they will no longer be needed.


If companies are already allowing (for example) Palm devices to be used and if (hypothetically) they don't have most of these features, why should the iPhone be held to a higher standard? That's not to say that some of these issues aren't worthy of consideration, but banning the iPhone because it doesn't support them, when other allowed devices also don't support them smacks of xenophobia toward Apple products.
I'm not going as far as to wanting to ban the iPhone, I'm just saying let's not blow off these ideas.

Perhaps Apple does have a greater responsibility though, since they are going for a critical mass of users?
     
icruise  (op)
Moderator Emeritus
Join Date: Nov 2000
Location: Illinois
Status: Offline
Reply With Quote
Jun 24, 2007, 12:49 PM
 
Well, I think Symbian, Palm and Microsoft are also trying for a critical mass of users, but Apple is the only one likely to get it.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Jun 24, 2007, 12:54 PM
 
Originally Posted by icruise View Post
Well, I think Symbian, Palm and Microsoft are also trying for a critical mass of users, but Apple is the only one likely to get it.
Well then, let's lead and not follow by pushing Apple to implement some of these things rather than be weenies and look around and cry "but they're not doing it!"
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 11:15 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,