backtop


Print 91 comment(s) - last by zzdinko.. on Aug 1 at 9:34 AM


Apple says its iPhone 3G S is "ready for business", however one leading hacker calls it "useless" for business users, thanks to its woefully poor encryption and security. He says the phones pose a serious threat to companies adopting them. Still, some companies say it's worth the risk.  (Source: The iPhone Blog)
The iPhone yet again experiencing criticism over poor security

Jonathan Zdziarski, an iPhone developer and a hacker who teaches forensics courses on recovering data from iPhones, hasn't been very impressed with the iPhone's security -- or lack thereof.  Mr. Zdziarski has indicated that iPhone OS v3.0 is a bit better when it comes to security, but he says with only a few pieces of readily available freeware you can easily crack it in under two minutes.  That news must be concerning for the corporations and government agencies that support the hundreds of thousands of business iPhones Apple says it has sold.

Mr. Zdziarski says the iPhone's security woes are entirely unnecessary and are the result of incompetence.  He states, "It is kind of like storing all your secret messages right next to the secret decoder ring.  I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security."

His statements stand in stark contrast with Apple Chief Operating Officer Tim Cook's cheerful news that 20 percent of Fortune 100 companies have purchased 10,000 or more iPhones apiece and that multiple government organizations had purchased 25,000 iPhones apiece.  Mr. Cook had bragged, "We’re seeing growing interest with the release of iPhone 3.0 and the iPhone 3GS due in part to the new hardware encryption and improved security policies.  The phone is particularly doing well with small businesses and large organizations."

Mr. Zdziarski says these entities might be in trouble as the encryption on the phone is so poorly implemented a simple software tool makes it as easy to view encrypted files as unencrypted ones.  Thieves could extract live encrypted data from the phone in a mere 2 minutes, and have an entire raw disk image in about 45 minutes.  Interestingly, the iPhone itself helps with these tasks – it begins to decrypt data on its own automatically after the extraction process has started.

Corporate users often edit finance spreadsheets and other corporate documents on their phone, as well as using the phone to make transactions with corporate credit cards.  All of this information is easy pickings for hackers thanks to the phone's woeful security.  Mr. Zdziarski surmises, "If (companies are) relying on Apple’s security, then their application is going to be terribly insecure.  Apple may be technically correct that [the iPhone 3GS] has an encryption piece in it, but it’s entirely useless toward security.  We’re going to have to go with the old imperative of ‘Trust no one'.  And unfortunately part of that is, don’t trust Apple."

Still, some companies say that the risks of deployments are worth it.  States Lance Kidd, chief information officer of Halton Company, an industrial equipment provider, which lets its employees use iPhones, "Your organization has to be culturally ready to accept a certain degree of risk.  I can say we’ve secured everything as tight as a button, but that won’t be true…. Our culture is such that our general manager is saying, ‘I’m willing to take the risk for the value of the applications.’  It’s like business continuity.  You prepare for disasters. You prepare for if there’s an earthquake and the building breaks down, and you prepare for if there’s a crack in [information] security."



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Gone...
By BrandtTheMan on 7/24/2009 2:10:18 PM , Rating: 5
I would fire Lance Kidd on the spot for that mind set.




RE: Gone...
By inighthawki on 7/24/2009 2:15:55 PM , Rating: 5
Agreed, last i checked, when it comes to things like earthquakes and naturaly disasters, you engineer the building to withstand the force, and the same can be said about the security of an electronics device. This is merely a bad excuse for a lack of security on the iphone. Just like the architecture of a building, the architecture of software can in fact be designed to counter problems like security.


RE: Gone...
By 91TTZ on 7/24/2009 4:06:23 PM , Rating: 5
quote:
Agreed, last i checked, when it comes to things like earthquakes and naturaly disasters, you engineer the building to withstand the force, and the same can be said about the security of an electronics device.


This isn't fully true, either. When designing earthquake-proof buildings you design them to withstand a certain level of force. The designers know that it's still possible for a huge earthquake to take down a building that was designed to withstand lesser earthquakes. It wouldn't be economically feasible to build structures so strong that they can withstand rare freak quakes.

You need to accept a certain level of risk. You'd bankrupt yourself trying to plan around everything.


RE: Gone...
By Samus on 7/24/09, Rating: -1
RE: Gone...
By GaryJohnson on 7/24/2009 10:59:41 PM , Rating: 3
Greater levels of earthquake protection can cost exponentially more than lesser levels.

On the other hand, it doesn't necessarily cost more to use a better encryption scheme than a crappy encryption scheme. Maybe they had a ligit reason for doing it the way they did, or maybe they didn't.


RE: Gone...
By elgoliath on 7/26/2009 1:46:26 AM , Rating: 2
And you would be right if the guy who said that is the one making the phones/applications. He's not.

Why fire a guy for being realistic? You can never be 100% secure, so firing guy for saying as much is a bit much.


RE: Gone...
By inighthawki on 7/24/2009 11:10:58 PM , Rating: 2
I do understand this, though i was assuming what i said was going to be taken lightly, as you obviously cannot build something that is completely resistant to any force of nature, much like it's impossible to have a 100% secure device. Even with some of the best designed software, there is still room for the risk of human error, though some of it can be secured via software architecture and security models.


RE: Gone...
By MrPeabody on 7/24/2009 2:20:41 PM , Rating: 5
quote:
I would fire Lance Kidd on the spot for that mind set.


I'd steal his phone, find all of his financial information, and then buy a bunch of stuff.


RE: Gone...
By MScrip on 7/24/2009 4:28:16 PM , Rating: 4
Stealing the phone is the biggest risk for any cell phone.


RE: Gone...
By MonkeyPaw on 7/24/2009 7:10:59 PM , Rating: 2
Maybe it's a business strategy?

Put a bunch of terrible ideas on your iPhone and "secure" them, then let the phone get stolen and hope your competitors "steal" your ideas and fail miserably. Brilliant!


RE: Gone...
By xdrol on 7/25/2009 3:42:00 PM , Rating: 2
The article is just about that you don't need to steal his phone for that. Just hack into it, find his financial info and buy a bunch of stuff.


RE: Gone...
By foolsgambit11 on 7/27/2009 5:16:21 AM , Rating: 2
The article here didn't specify whether you needed physical access to the phone or you could do it remotely by connecting through Bluetooth, cellular, or WiFi. I would assume, since wireless options weren't mentioned specifically, and probably would have been if they were a possibility, that you need physical access to the phone. Which pretty much means stealing it. Or 'borrowing' it.


RE: Gone...
By Ratinator on 7/24/2009 2:39:13 PM , Rating: 5
Yep......I think he just made a career limiting statement right there.


RE: Gone...
By Keeir on 7/24/09, Rating: 0
RE: Gone...
By bhieb on 7/24/2009 3:35:51 PM , Rating: 2
Agreed it was a little harsh to blame Kidd. IT is a support division, and as such all we can do is inform management of the risk. At the end of the day if the CEO says we're doing it what is he supposed to do? I don't know about the other IT guys out there, but management makes bad decisions against my suggestions all the time.

quote:
Your organization has to be culturally ready to accept a certain degree of risk.

That nails it exactly. As this article points out that IF you alow iPhones, your company, by that very act, has culturally accepted the risk.

quote:
Our culture is such that our general manager is saying, ‘I’m willing to take the risk for the value of the applications.’

The quote never said he approved that stance just that the GM did. Should he take a stand and say FU I quit, ballsy but I would not recommend it in this IT employment environment.


RE: Gone...
By bodar on 7/24/2009 4:08:40 PM , Rating: 2
This. IT security is always a balance -- risk vs value, security vs usability. You give your educated opinion on which risks are worthwhile, but at the end of the day, you don't really decide anything.


RE: Gone...
By bighairycamel on 7/24/2009 5:26:44 PM , Rating: 1
quote:
Wait wait wait... fire a person who doesn't think its worthwhile to spend the whole company budget defending information?
He couldn't if he wanted; the company budget has already been exausted buying 10,000 shoddy iPhones.


RE: Gone...
By 3minence on 7/24/2009 3:19:02 PM , Rating: 4
Is your company connected to the internet? Do employees have access to critical data? Then your taking a risk with your data. Perfect security is implemented with wire cutters, everything else is just a level of compromise.

Some companies allow PDA's to sync with corporate email, others do not. It's all a matter of what the management is comfortable allowing. Obviously they believe allowing iPhones to be worth the risk.


RE: Gone...
By 2bdetermine on 7/24/2009 6:48:51 PM , Rating: 2
Nah, I would fire whoever hired him as a chief information officer.


RE: Gone...
By cnar77 on 7/25/2009 2:57:43 AM , Rating: 2
Well you can't exactly blame him for his ignorance. He's a CIO not a CISO, CSO or ISO. The "S" indicates Security and he's simply an information officer. His organization may be behind the times especially when the GM has the authority to make the call on what mobile device they're willing to risk the companies assets over. Once again form over function.


RE: Gone...
By sgtdisturbed47 on 7/25/2009 3:03:24 AM , Rating: 2
iPhone is bad for business users? Well yeah, that's automatic. After all, it's not a Blackberry.


RE: Gone...
By robinthakur on 7/27/2009 7:15:51 AM , Rating: 2
Its hard to say no when an Investment Banker is screaming down the phone at you demanding an iPhone or has chucked a laser printer at somebody... They basically get what they want which means that they currently want Macbooks Pros, Airs and iPhones like all their friends have got. Would you like to be the poor soul explaining in a Professor Frink voice "You can't have an iPhone because its not 100% secure because the encryption etc...blah blah blah." They would so get kicked out of the nearest door/window.


RE: Gone...
By AstroCreep on 7/25/2009 9:56:09 AM , Rating: 3
While his statement was poorly conceived, I understand what he's saying; "Nothing is completely secure". Remember about how SSL was "Broken" earlier this year?
Unlikely? Maybe. Possible? Yes.
Here's a couple of links
http://blogs.techrepublic.com.com/networking/?p=77...
http://blogs.techrepublic.com.com/security/?p=872&...

What it all boils down to is if you give someone enough time and the proper resources, anything can be cracked.
It doesn't mean I'm not going to try my damnedest to keep you out of my network though. ;)


RE: Gone...
By murphyslabrat on 7/25/2009 12:13:12 PM , Rating: 2
The issue in question is not about "it can be cracked", as that is assumed. The problem is the speed with which it can be cracked. Two minutes would let you pull some stunt, stealing a phone for less than five minutes, meaning the person would have no idea it was stolen.


RE: Gone...
By wvh on 7/25/2009 11:45:25 AM , Rating: 2
"It's insecure, it's relatively untested, it's probably not even the best tool for the job, but it's shiny and new and I WANT it! WANT it!"

-- The mindset of about any manager I've met while doing security contracting.

People are too hedonistic – security is too stoic an art form for the average human being. One would hope a manager who has to take important decisions would base them on rational thought, but alas...


RE: Gone...
By Helbore on 7/27/2009 6:42:16 AM , Rating: 2
If you're good at your job, you get on and do it. If you're not, you become a manager.


RE: Gone...
By tmouse on 7/27/2009 8:18:31 AM , Rating: 3
Actually you fire him for shooting his mouth off, the smart one's declined to comment. Unless it's your product its generally wiser to keep silent when asked your company has spent a lot on an insecure device care to comment?


RE: Gone...
By callmeroy on 7/27/2009 8:39:57 AM , Rating: 2
As later posts in the thread point out I think firing him on that alone is a bit over the top, especially considering it appears its the GM, not the CIO who really has the decision making authority in that particular organization.

Plus I can sympathize with that CIO -- I worked, for nearly 10 years, in IT for a small 150 user business where even though I was for several years the only trained IT employee in the business or knew anything about security at all - I was over-ruled many times by the CEO, the VP or the Finance guy. It my situation it was almost always over the issue of spending vs. not spending. One case was I was over - ruled on the fact the company was using MS Office, of which they were sharing about 30 copies of it and only had 1 license. Company felt it was "silly" to pay money for software they "already bought". They got dinged on that, a disgruntled employee reported them to the BSA - they paid a tens of thousands in fines.

Sometimes you just have no say in what your company does even if you are the subject matter expert on the staff. Its either that or you are in the unemployment line.


RE: Gone...
By MrPoletski on 7/27/2009 10:51:49 AM , Rating: 1
a) would you want to work for a company like that?
b) will a company with an attitude like that survive in the long term?
c) what the hell is wrong with openoffice anwyays?

no, no, nothing.


RE: Gone...
By callmeroy on 7/27/2009 12:53:02 PM , Rating: 2
Like most things people write or say -- talking about something is one thing, reality is another.

a) I *did* work for a company like that through most of my 20's actually. Money is money -- when the job market is tough and you have bills to pay its amazing what we'll put up with.

b) I agree with you -- but they did very well while I was there, don't know how they are doing today -- its been 5 years since I left there. I do know they were scamming some of thier customers by marking up services exponentially so I hope that catches up with them. (ie. a job would cost $2500 bucks , to some clients that job would be billed at $3500 - 4500 bucks, other clients same scope and service -- they'd charge $10,000 - $12,000 for that same $2500 job).

c) Well I'm not gonna delve into that -- I use open office at home because I'm dabbling in some fictional novel writing here and there, however for the work place I think valid arguments could be made that Office is better for a business environment. To be honest I'd BUY office rather than use OpenOffice if MS didn't price it so insanely high.


... iPhone is Incredibly Insecure
By chalupa on 7/24/2009 4:17:17 PM , Rating: 5
just like its owners...




RE: ... iPhone is Incredibly Insecure
By 67STANG on 7/24/09, Rating: 0
RE: ... iPhone is Incredibly Insecure
By Alexstarfire on 7/24/2009 7:59:36 PM , Rating: 1
It might be at the $99 price point, but not over all. Hell, it doesn't even have flash.


RE: ... iPhone is Incredibly Insecure
By pxavierperez on 7/24/09, Rating: -1
RE: ... iPhone is Incredibly Insecure
By Alexstarfire on 7/25/2009 12:38:49 AM , Rating: 2
I love your insults to my facts. I can't say anything about developer tools since I don't know anything about them. I don't understand why you wouldn't be able to install those programs on a Win Mobile phone though.

I think you just like badmouthing people who state facts.


RE: ... iPhone is Incredibly Insecure
By pxavierperez on 7/25/09, Rating: -1
RE: ... iPhone is Incredibly Insecure
By dark matter on 7/25/2009 4:07:06 AM , Rating: 5
Well you best make sure that pocket of yours doesn't go above 35 degrees or you may find you get less than you bargained for.

Oh, and don't let the ambient temperature drop below zero as well.

Don't use it in sunshine.

Don't hold it in your hand (your hand is 37 degrees!!)

A phone that has a maximum thermal envelope lower than the temperature of the hand holding it. Wow, what a bargain.


By AstroCreep on 7/25/2009 10:05:51 AM , Rating: 2
Well take a look at this patent Apple applied for back in 2007: http://gizmodo.com/5122792/apples-patent-for-iphon...

My guess is it was going to be the iMitt; hold a warm iPhone and still be able to manipulate it! ;)

And no, that is not a fake patent application. They apparently dropped the idea, but not before concocting it! :p


By Alexstarfire on 7/25/2009 11:03:41 AM , Rating: 3
And I never argued that. All I said was that it doesn't have the best browser since it doesn't support flash. Is that an opinion to you? Cause that's a fact. I never disagreed that it was a bargain at that price point, now did I? And I never disagreed with you on he development part. If fact, I said I couldn't even say anything about them since I don't know about the programs at all. Of course, I'm not sure why you start talking about Apps on the iPhone when you were talking about web development before. And I don't see how if the programs work on Win Mobile that'd it'd be any more difficult, but I really don't know.

Why do you have such issue with what I say? Do you not like facts?


By themaster08 on 7/28/2009 5:40:41 AM , Rating: 2
quote:
It's easier to convert an iPhone into a developer's platform because of its OSX underpinning which has its roots in UNIX.

I would much prefer to have a developer platform in which I can rely on the hardware in extreme circumstances, such as the phone being exposed to scorching temperatures of 35 degrees, as mentioned by the above poster.

I would also prefer to have a secure platform. You'd better hope that no one hacks your phone and steals all of your hard work, then passes it off as their own.

quote:
When Apple touted the iPhone as a full fledged computer that fits in your back pocket

It turned out to be a half-baked phone that overheats in your back pocket.

"Fullfledged" would incline that everything available on a computer is available for the iPhone. The lack of flash is just one example of how baseless your claim is.

This is a fullfledged computer that fits in your back pocket http://i.zdnet.com/blogs/oqo_model02.jpg


RE: ... iPhone is Incredibly Insecure
By zzeoss on 7/27/2009 2:49:46 AM , Rating: 2
which phone has the best browser then? (with flash)


By Alexstarfire on 7/27/2009 3:20:21 AM , Rating: 2
I couldn't say, never used a phone that has flash support. I'm 99.9% certain that the SE Xperia has flash support. IIRC the site correctly. I'm also sure that it's not the only phone on the market that has flash support.


RE: ... iPhone is Incredibly Insecure
By Boze on 7/26/2009 1:12:50 AM , Rating: 5
quote:
I can install PHP, Apache and MySQL on my iPhone. It's virtually the smallest portable web development device on the planet.


Yeah, you can install all that crap, but how much productive work are you actually getting done? Don't answer that, I already know the bulk of it: very little . While you're tip-tapping on the on-screen keyboard working on your PHP app to compile a list of bicycle paths in an area, some real developer, who's doing real work that's actually going to turn a company a profit is busy banging out useful code on a Windows or Linux machine.

The only people that use iPhones to develop web pages are iDouches that want to look iCool.

I'll stick with a Windows/Linux box and get some work done.


RE: ... iPhone is Incredibly Insecure
By 67STANG on 7/24/2009 10:37:17 PM , Rating: 2
Correct, the 8GB 3G is $99 and it goes up from there. But for my needs, it fits very nicely. And while it doesn't have flash, it's still a dream to browse the web on, compared to other phones.

Honestly, there are VERY few times I miss the fact that it doesn't support flash. In fact, I'm usually happy it doesn't load flash most of the time.


RE: ... iPhone is Incredibly Insecure
By kmmatney on 7/25/2009 12:28:36 AM , Rating: 2
Agreed - I really don't even notice that it doesn't have flash - it's not nearly as much of a hindrance as I thought it would be. The web browser is awesome (especially under wifi) and beats the crap out of other phones I tried.

I don't think the iPhone any riskier than having a netbook, and it's fantastic as a business phone. Although our "IT" guy doesn't support the iPhone at my company, I was able to set everything up myself in about 10 minutes.


RE: ... iPhone is Incredibly Insecure
By pxavierperez on 7/25/09, Rating: -1
By dark matter on 7/25/2009 4:20:53 AM , Rating: 1
You sacked the wrong person.

You haven't hired an IT manager more knowledgeable or more equipped, you have hired a "yes" man.

Considering the iPhone has a pathetically poor thermal operating range and now it has been shown to have abysmal security you're still banging on about how great your decision was to overide the advice of your previous IT manager just because he didn't want to support the iPhone. Coupled with the fact you treat your IT department with contempt does little for your reputation as a succesfull business person.

Anyway... Me thinks this is nothing but PR spin from Apple itself. I will be letting your superiors at infinite loop know just how crap you are at your job. Next time you take an assignment like this, stick to something you know or something easy to learn. Something like gravel or bricks is about your level.


RE: ... iPhone is Incredibly Insecure
By Boze on 7/26/2009 1:17:40 AM , Rating: 2
The iPhone is a great consumer device, I don't think anyone would argue that, but trying to espouse it as some sort of device that could be "interfaced to our work flow"? Give me a break... maybe if your "work flow" is running around outside all day taking pictures or reporting up-to-the-minute pointless news.

Otherwise, its just a shiny neat toy to increase your e-dong size.


By dark matter on 7/25/2009 4:12:47 AM , Rating: 2
quote:
fantastic as a business phone


As long as your business is an area where it doesn't go above 35 degrees or below zero. Or where the sun doesn't shine. And make sure your employers don't hold it in their hands for too long as that is pushing the device beyond its thermal envelope. And its great for businesses who like to leave spare access cards and key fobs next to their front door. It's great for those companies who don't have any security on their network and couldn't care less about keeping their confidential business plans safe.

Congratulations your "IT" guy doesn't support the iPhone, seems he knows his stuff.


Hacking an iPhone - It just works.
By dark matter on 7/24/2009 2:27:45 PM , Rating: 5
If you want to hack an iPhone, there's an App for that.




By Ratinator on 7/24/2009 2:44:25 PM , Rating: 2
Ha.....give this man a 6.


By Nobleman00 on 7/24/2009 2:59:49 PM , Rating: 2
... and the iphone makes it hack better by design.


By Chudilo on 7/24/2009 3:04:09 PM , Rating: 2
Comment of the day


By Maxima2k2se on 7/24/2009 3:27:18 PM , Rating: 2
Ya ROFL give him a 6!


By pattycake0147 on 7/24/2009 4:21:01 PM , Rating: 2
Easily the best comment of read on here in a while.


By BillyAZ1983 on 7/24/2009 7:22:43 PM , Rating: 2
Hacking an iPhone, so easy a caveman can do it!


This is what you get when you reach at top
By sumant19 on 7/24/2009 4:03:49 PM , Rating: 3
Finally Apple getting a taste of what happens when you gain sizable market share. They criticized PCs all the time about the security and virus issues. The fact is, 85% of users are on PCs. If anyone wants to make a mass scale impact they will target the most commonly used product. Why spend hours developing something that will impact only couple of people here and there.
But with iphone its a different story, iphone did make a sizable gain in user community and with it came the hackers looking for ways to crack it.




RE: This is what you get when you reach at top
By ipay on 7/24/2009 6:13:39 PM , Rating: 2
According to the article they don't really need to look for ways to crack it. Maybe a better challenge would be to find ways to secure it...


RE: This is what you get when you reach at top
By Jalek on 7/24/2009 7:05:25 PM , Rating: 2
Maybe the guy's really just trolling for a job at Apple.
Pointing out security flaws has worked for some in the past..


By dark matter on 7/25/2009 3:49:38 AM , Rating: 2
How does that change the fact the iPhone has worthless encryption?


Apple, incompetent? NEVER
By ipay on 7/24/2009 5:57:26 PM , Rating: 2
quote:
Mr. Zdziarski says the iPhone's security woes are entirely unnecessary and are the result of incompetence.


So the first OS that Apple writes from scratch is useless when it comes to security? I've always held that OS X is secure because it's based on BSD, not because the Apple developers are particularly concerned about security, and it looks like I'm right.

I'm sure all the iPhone-toting heroes in my office will be overjoyed when I tell them they're using a phone programmed by incompetents. XD




RE: Apple, incompetent? NEVER
By 67STANG on 7/24/2009 7:01:25 PM , Rating: 2
You're absolutely right on the money there. They should hire you to program an OS from scratch.


RE: Apple, incompetent? NEVER
By dark matter on 7/25/2009 3:52:41 AM , Rating: 2
Sure go on then, give him a 10's of millions of dollars in funding and a development team and he might be able to make a decent lock at least...


RE: Apple, incompetent? NEVER
By 2bdetermine on 7/24/2009 7:08:10 PM , Rating: 2
Why would a hackers wanted to wastes their time or go after a smaller fish when there is a bigger fish out there to be catch?


1-20-2009
By hiscross on 7/24/2009 10:08:15 PM , Rating: 1
Yes, of course one person says something so many people just want to hear and it's truth. Wow.




RE: 1-20-2009
By dark matter on 7/25/2009 3:54:37 AM , Rating: 3
You do know that father christmas is about as real as iPhone security, right?


RE: 1-20-2009
By eddieroolz on 7/26/2009 7:23:15 PM , Rating: 2
Here's a user who believes in denial...


RE: 1-20-2009
By Helbore on 7/27/2009 6:57:50 AM , Rating: 2
Kinda like how all the Mac fanbois believe all the "facts" in those Apple commercials, right?


Assumes Physical Access to iPhone?
By ltcommanderdata on 7/24/09, Rating: 0
By dark matter on 7/24/2009 2:33:37 PM , Rating: 2
I may have misread your post. But it seems to me that you are downplaying this threat. Not only do people have the phone stolen, but they often just leave them lying around.

What is the point in having encryption in the event that if you lose your phone or have it stolen it is worthless.

You cannot play for human failure (such as having your phone stolen or lose for it) so you expect the technology to provide some security for confidential material.

When you buy a lock, you don't expect it to come with a spare key constantly attached to the underside, do you?


By leexgx on 7/24/2009 2:35:49 PM , Rating: 2
back at ya, yes but any one that intends to crack open the phone would of disabled the data connection or put it into flight mode, as they would know about remote kill


RE: Assumes Physical Access to iPhone?
By Voo on 7/24/2009 2:36:44 PM , Rating: 2
Well that's also a timeproblem, if you can get a whole disk image in less than 1 hour, I'd say it's quite possible that the employee couldn't report his loss in time.

After all you've got to notice that you've lost it, make sure you didn't leave it in the car or similar, then find time to talk to the right person, which then has to do whatever it takes to remote wipe the thing.

In a usual bureaucratic company that sounds highly unlikly to take less than a hour.

And there are a lot of ways to prevent the iphone from getting any connection at all (Pb should do it, right?)


RE: Assumes Physical Access to iPhone?
By Shadowself on 7/24/09, Rating: -1
By Lonyo on 7/24/2009 3:06:10 PM , Rating: 2
It's about encryption.
There basically is none.

Sure, you can hack my PC if you have physical access to it, but if everything is encrypted and protected you won't be able to access the data particularly easily. This guy is saying that due to flaws in the iPhone OS, the encryption is pretty worthless.


Here's a hint
By sprockkets on 7/24/2009 9:07:52 PM , Rating: 4
The security on the iPhone is to make sure you can't install your own apps or pirate various media, AKA DRM, not to secure your data.

That's all Apple cares about: Their bottom line, not yours.




RE: Here's a hint
By DarkElfa on 7/25/2009 3:09:27 PM , Rating: 2
That is the truest thing I've ever read on Dailytech, thank you sprockkets.


John Galt
By hiscross on 7/24/2009 10:16:27 PM , Rating: 2
Let's see a guy who no one has heard of claims to be an iPhone developer and security expert says something against the iPhone and without checking, he is considered OK. Wow, just like 1-20-2009. Now hows that working out?




RE: John Galt
By dark matter on 7/25/2009 4:00:30 AM , Rating: 3
Lets' see a guy everyone has heard of claims that Apple products are naturally secure by design and you don't get viruses like on Windows.

Because is Steve Jobs, he is considered OK and everyone believes him.

Wow, OSX is consistently the first OS to get hacked at the black hat hackers convention, and now this shows the only security Apple ever had was a low market share. Whoops.


Apple is garbage
By chick0n on 7/25/2009 10:16:13 AM , Rating: 2
Total garbage.

Enough said.

Sad thing is, people loves garbage that looks "pretty" :(

Its still garbage in my eyes tho.




RE: Apple is garbage
By DOOA on 7/28/2009 6:03:05 PM , Rating: 2
Certainly a well thought out and documented statement.

Which device you use is less important than how you use it. Lose your phone or have it cloned and you have to change some security stuff. iPhone, Blackberry or laptop, you have to physically protect your information.


WHERE IS PIRKS !
By chick0n on 7/25/2009 10:33:38 AM , Rating: 2
WHere is that jerk? I mean ... Pirks ?

Your beloved Apple is being bash again ! What are your defenses this time ?




RE: WHERE IS PIRKS !
By encryptkeeper on 7/27/2009 4:29:21 PM , Rating: 2
Pirks = Lance Kidd's DailyTech username.


ut oh...
By lagomorpha on 7/25/2009 6:05:17 PM , Rating: 2
"Jonathan Zdziarski, an iPhone developer and a hacker who teaches forensics courses on recovering data from iPhones, hasn't been very impressed with the iPhone's security -- or lack thereof."

Sounds like a certain Zdziarski is going to have the applications he's written for the iPhone disabled by Apple for "malicious software" or some such excuse.




RE: ut oh...
By robinthakur on 7/27/2009 7:40:06 AM , Rating: 2
And let me guess, he just happens to have a application coming to market soon which offers 'proper' encryption? How often is this cracked in the wild might I ask? Is a physical connection needed or can you crack it over he wifi/BT connection? All pertinent questions, which haven't been asked. If the flaw is that massive, i would expect Apple to address it fairly promptly especially with their big push towards big business and the healthy appetite for iphones there currently is in that sector.


By ggordonliddy on 7/26/2009 2:14:52 AM , Rating: 2
What kind of complete iAs$hole would buy iPhones for their employees to use? Such people should take a cheese grater to their face and private parts.




What is 100% secure these days?
By msheredy on 7/28/2009 11:53:31 AM , Rating: 1
Anything? I didn't think so. Everything has a vulnerability so really this is just a moot point.




By SiliconAddict on 7/28/2009 8:06:35 PM , Rating: 1
There is doing duediligence on your devices security so its at least best effort and then there is just not giving a shit about security on your product. Guess which one Apple falls into because they can claim its just a consumer product.

Anyone who uses an iPhone for business are brainwashed iDiots who buy Apple because they know nothing about tech.


Iphone
By zzdinko on 8/1/2009 9:34:43 AM , Rating: 2
IPhone is stil lthe greatest thing since sliced bread!

RT
www.anon-web-tools.us.tcFW




Wireless eavesdropping...
By encryptkeeper on 7/27/2009 4:23:53 PM , Rating: 1
Unless I missed it in the article, there's no mention about the wireless security of the iPhone. I've been told that with a WiFi connection and a computer with certain software, it's possible to eavesdrop on text messages from the iPhone. I thought it sounded like complete crap, although I suppose it's possible that the eavesdropping requires more equipment than a WiFi connection. Unless I misunderstand, the WiFi and phone (or texting) capabilities of the iPhone are two different processes, so is any of this true?




“Then they pop up and say ‘Hello, surprise! Give us your money or we will shut you down!' Screw them. Seriously, screw them. You can quote me on that.” -- Newegg Chief Legal Officer Lee Cheng referencing patent trolls














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki