



Apple says its iPhone 3G S is "ready for business"; however, one leading hacker calls it "useless" for business users, thanks to its woefully poor encryption and security. He says the phones pose a serious threat to companies adopting them. Still, some companies say it's worth the risk.  (Source: The iPhone Blog)
The iPhone is yet again experiencing criticism over poor security

Jonathan Zdziarski, an iPhone developer and a hacker who teaches forensics courses on recovering data from iPhones, hasn't been very impressed with the iPhone's security -- or lack thereof.  Mr. Zdziarski has indicated that iPhone OS v3.0 is a bit better when it comes to security, but he says with only a few pieces of readily available freeware you can easily crack it in under two minutes.  That news must be concerning for the corporations and government agencies that support the hundreds of thousands of business iPhones Apple says it has sold.

Mr. Zdziarski says the iPhone's security woes are entirely unnecessary and are the result of incompetence.  He states, "It is kind of like storing all your secret messages right next to the secret decoder ring.  I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security."

His statements stand in stark contrast with Apple Chief Operating Officer Tim Cook's cheerful news that 20 percent of Fortune 100 companies have purchased 10,000 or more iPhones apiece and that multiple government organizations had purchased 25,000 iPhones apiece.  Mr. Cook had bragged, "We’re seeing growing interest with the release of iPhone 3.0 and the iPhone 3GS due in part to the new hardware encryption and improved security policies.  The phone is particularly doing well with small businesses and large organizations."

Mr. Zdziarski says these entities might be in trouble, as the encryption on the phone is so poorly implemented that a simple software tool makes it as easy to view encrypted files as unencrypted ones. Thieves could extract live encrypted data from the phone in a mere 2 minutes, and have an entire raw disk image in about 45 minutes. Interestingly, the iPhone itself helps with these tasks: it begins to decrypt data on its own automatically after the extraction process has started.

Corporate users often edit finance spreadsheets and other corporate documents on their phone, as well as using the phone to make transactions with corporate credit cards. All of this information is easy pickings for hackers thanks to the phone's woeful security. Mr. Zdziarski surmises, "If (companies are) relying on Apple’s security, then their application is going to be terribly insecure. Apple may be technically correct that [the iPhone 3GS] has an encryption piece in it, but it’s entirely useless toward security. We’re going to have to go with the old imperative of ‘Trust no one’. And unfortunately part of that is, don’t trust Apple."

Still, some companies say that the risks of deployments are worth it.  States Lance Kidd, chief information officer of Halton Company, an industrial equipment provider, which lets its employees use iPhones, "Your organization has to be culturally ready to accept a certain degree of risk.  I can say we’ve secured everything as tight as a button, but that won’t be true…. Our culture is such that our general manager is saying, ‘I’m willing to take the risk for the value of the applications.’  It’s like business continuity.  You prepare for disasters. You prepare for if there’s an earthquake and the building breaks down, and you prepare for if there’s a crack in [information] security."



Comments



RE: ... iPhone is Incredibly Insecure
By 67STANG on 7/24/2009 5:17:53 PM , Rating: 0
I'm insecure for owning an iPhone? I'm a web developer that wanted a phone with a "real browser" as I appreciate the web more than most and also wanted to develop some sites that had mobile twins. None of the other phones I tested had a browser as good as the iPhone. None. And I'm usually (99% of the time) an anti-Apple guy.

That said, I only paid $99 for my 3G phone. I'll wait on the 3G S until they come out with one that doesn't overheat (and when it's $99).


RE: ... iPhone is Incredibly Insecure
By Alexstarfire on 7/24/2009 7:59:36 PM , Rating: 1
It might be at the $99 price point, but not over all. Hell, it doesn't even have flash.


RE: ... iPhone is Incredibly Insecure
By pxavierperez on 7/24/09, Rating: -1
RE: ... iPhone is Incredibly Insecure
By Alexstarfire on 7/25/2009 12:38:49 AM , Rating: 2
I love your insults to my facts. I can't say anything about developer tools since I don't know anything about them. I don't understand why you wouldn't be able to install those programs on a Win Mobile phone though.

I think you just like badmouthing people who state facts.


RE: ... iPhone is Incredibly Insecure
By pxavierperez on 7/25/09, Rating: -1
RE: ... iPhone is Incredibly Insecure
By dark matter on 7/25/2009 4:07:06 AM , Rating: 5
Well you best make sure that pocket of yours doesn't go above 35 degrees or you may find you get less than you bargained for.

Oh, and don't let the ambient temperature drop below zero as well.

Don't use it in sunshine.

Don't hold it in your hand (your hand is 37 degrees!!)

A phone that has a maximum thermal envelope lower than the temperature of the hand holding it. Wow, what a bargain.


By AstroCreep on 7/25/2009 10:05:51 AM , Rating: 2
Well take a look at this patent Apple applied for back in 2007: http://gizmodo.com/5122792/apples-patent-for-iphon...

My guess is it was going to be the iMitt; hold a warm iPhone and still be able to manipulate it! ;)

And no, that is not a fake patent application. They apparently dropped the idea, but not before concocting it! :p


By Alexstarfire on 7/25/2009 11:03:41 AM , Rating: 3
And I never argued that. All I said was that it doesn't have the best browser since it doesn't support flash. Is that an opinion to you? Cause that's a fact. I never disagreed that it was a bargain at that price point, now did I? And I never disagreed with you on the development part. In fact, I said I couldn't even say anything about them since I don't know about the programs at all. Of course, I'm not sure why you start talking about Apps on the iPhone when you were talking about web development before. And I don't see how if the programs work on Win Mobile that it'd be any more difficult, but I really don't know.

Why do you have such issue with what I say? Do you not like facts?


By themaster08 on 7/28/2009 5:40:41 AM , Rating: 2
quote:
It's easier to convert an iPhone into a developer's platform because of its OSX underpinning which has its roots in UNIX.

I would much prefer to have a developer platform in which I can rely on the hardware in extreme circumstances, such as the phone being exposed to scorching temperatures of 35 degrees, as mentioned by the above poster.

I would also prefer to have a secure platform. You'd better hope that no one hacks your phone and steals all of your hard work, then passes it off as their own.

quote:
When Apple touted the iPhone as a full fledged computer that fits in your back pocket

It turned out to be a half-baked phone that overheats in your back pocket.

"Full-fledged" would imply that everything available on a computer is available for the iPhone. The lack of flash is just one example of how baseless your claim is.

This is a full-fledged computer that fits in your back pocket http://i.zdnet.com/blogs/oqo_model02.jpg


RE: ... iPhone is Incredibly Insecure
By zzeoss on 7/27/2009 2:49:46 AM , Rating: 2
which phone has the best browser then? (with flash)


By Alexstarfire on 7/27/2009 3:20:21 AM , Rating: 2
I couldn't say, never used a phone that has flash support. I'm 99.9% certain that the SE Xperia has flash support. IIRC the site correctly. I'm also sure that it's not the only phone on the market that has flash support.


RE: ... iPhone is Incredibly Insecure
By Boze on 7/26/2009 1:12:50 AM , Rating: 5
quote:
I can install PHP, Apache and MySQL on my iPhone. It's virtually the smallest portable web development device on the planet.


Yeah, you can install all that crap, but how much productive work are you actually getting done? Don't answer that, I already know the bulk of it: very little. While you're tip-tapping on the on-screen keyboard working on your PHP app to compile a list of bicycle paths in an area, some real developer, who's doing real work that's actually going to turn a company a profit is busy banging out useful code on a Windows or Linux machine.

The only people that use iPhones to develop web pages are iDouches that want to look iCool.

I'll stick with a Windows/Linux box and get some work done.


RE: ... iPhone is Incredibly Insecure
By 67STANG on 7/24/2009 10:37:17 PM , Rating: 2
Correct, the 8GB 3G is $99 and it goes up from there. But for my needs, it fits very nicely. And while it doesn't have flash, it's still a dream to browse the web on, compared to other phones.

Honestly, there are VERY few times I miss the fact that it doesn't support flash. In fact, I'm usually happy it doesn't load flash most of the time.


RE: ... iPhone is Incredibly Insecure
By kmmatney on 7/25/2009 12:28:36 AM , Rating: 2
Agreed - I really don't even notice that it doesn't have flash - it's not nearly as much of a hindrance as I thought it would be. The web browser is awesome (especially under wifi) and beats the crap out of other phones I tried.

I don't think the iPhone is any riskier than having a netbook, and it's fantastic as a business phone. Although our "IT" guy doesn't support the iPhone at my company, I was able to set everything up myself in about 10 minutes.


RE: ... iPhone is Incredibly Insecure
By pxavierperez on 7/25/09, Rating: -1
By dark matter on 7/25/2009 4:20:53 AM , Rating: 1
You sacked the wrong person.

You haven't hired an IT manager more knowledgeable or more equipped, you have hired a "yes" man.

Considering the iPhone has a pathetically poor thermal operating range and now it has been shown to have abysmal security you're still banging on about how great your decision was to override the advice of your previous IT manager just because he didn't want to support the iPhone. Coupled with the fact you treat your IT department with contempt does little for your reputation as a successful business person.

Anyway... Me thinks this is nothing but PR spin from Apple itself. I will be letting your superiors at infinite loop know just how crap you are at your job. Next time you take an assignment like this, stick to something you know or something easy to learn. Something like gravel or bricks is about your level.


RE: ... iPhone is Incredibly Insecure
By Boze on 7/26/2009 1:17:40 AM , Rating: 2
The iPhone is a great consumer device, I don't think anyone would argue that, but trying to espouse it as some sort of device that could be "interfaced to our work flow"? Give me a break... maybe if your "work flow" is running around outside all day taking pictures or reporting up-to-the-minute pointless news.

Otherwise, it's just a shiny neat toy to increase your e-dong size.


By dark matter on 7/25/2009 4:12:47 AM , Rating: 2
quote:
fantastic as a business phone


As long as your business is an area where it doesn't go above 35 degrees or below zero. Or where the sun doesn't shine. And make sure your employers don't hold it in their hands for too long as that is pushing the device beyond its thermal envelope. And its great for businesses who like to leave spare access cards and key fobs next to their front door. It's great for those companies who don't have any security on their network and couldn't care less about keeping their confidential business plans safe.

Congratulations your "IT" guy doesn't support the iPhone, seems he knows his stuff.

Copyright 2014 DailyTech LLC.