Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Analysts: iPhone Has Neither Security nor Relevance



 By: Lisa Vaas
2007-06-22
Article Rating:starstarstarstarstar / 3


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. Analysts: iPhone Has Neither Security nor Relevance
  2. ' Risky Internet Links '
  3. ' Microsofts Answers '

Rate This Article:
Poor Best
Analysts: iPhone Has Neither Security nor Relevance
( Page 1 of 3 )

Take your pick: The iPhone is either a "security nightmare" or pretty irrelevant to enterprise security.Apples upcoming iPhone: Its a "security nightmare," it will "turn your security team into zombies," and Apple is possibly "using the Windows Safari Beta Test to stamp out iPhone security holes."

Or, then again, depending on which iPhone watcher youre paying attention to, the iPhone security is irrelevant compared with "insecure wireless access points, tape backups disappearing, wrapping your newspapers in customers personal financial information, and stolen laptops."

Click here to read reasons why the iPhone will/wont succeed.

The iPhone wont go on sale until June 29. Up until now, and probably until it hits retail shelves, Apple has given next to nil information regarding the security features its first smart phone will have, making security analysis little better than conjecture. The few pieces of security background analysts have to go on include these tidbits: 1) The iPhone will run on Mac OS X and 2) the iPhone will run Apples Safari browser.

Resource Library:
The security experts who are worried about the hot, new gadget base their fears on the fact that the iPhone will be capable of much of the same functionality as the BlackBerry, without the enterprise-class security: The iPhone can access e-mail, the Internet and SMS, and it can store a plethora of sensitive data in its contact and organizer functions.

Click here to read about whether enterprise IT managers can keep the iPhone out of their organizations.

"The BlackBerry has over 200 security policies that permit enterprises to turn off its camera, force password changes" and prevent browsing certain sites, among other enterprise-class security features, said Ken Dulaney, an analyst at Gartner. "Im 99 percent sure thats not where the iPhone is taking it. If [such security features] came from anywhere, it would be from third parties. BlackBerrys are going to kill [the iPhone] from a security [perspective]."

Note: The BlackBerrys security profile isnt necessarily faultless: Symantec researcher John OConnor put out a whitepaper on hacking the device in the fall. The paper was subsequently removed from Symantecs site, however; OConnor said the reason for the removal was that he hadnt considered "the effectiveness of all possible security features that might provide mitigation of the impact of malware and the management of application permissions."

Still, BlackBerry security headlines have covered, among other things, a DoS (denial-of-service) bug in January 2006, the release of exploit code in August 2006 and the ability for attackers to purchase a $100 API developer key to enable data theft off the devices.

Click here to read why you can expect to see iPhone-style features turning up in competing handsets.

Andrew Storms, director of security operations at network security firm nCircle, who called the iPhone a "security nightmare" in a recent post, has gone so far as to post a list of security-related questions that he wants Apple to address in a public forum before organizations "reel this new gadget into" their security policies. To wit:

  • Is data encrypted while in transit?
  • Is data encrypted on the device?
  • Is data encrypted on removable memory?
  • Is data removed if the device hasnt checked in centrally, hasnt received a policy update within a time window or if battery power is too low?
  • Is there S/MIME support?
  • Is there PGP support?
  • Are there electromagnetic analysis countermeasures?
  • Are there DRM applications (ability to read, but not forward data)?
  • Is there user authentication by means of password, passphrase or smart card?
  • Does the device automatically lock and require authentication to unlock?
  • Are the encryption keys stored on the devices, and are they also encrypted?
  • Do the network devices have firewalls?
  • Are the network interfaces disabled by default, and does the user have the ability to disable at will?
  • Is there the ability to remotely lock and disable the device?
  • Is there the ability to remotely wipe and back up data?
  • Is there the ability to centrally develop and enforce policy settings?
  • Is there centralized reporting of all device events—calls made, data transferred and usage statistics?

    Gartner plans to recommend that businesses dont allow iPhones to come onto their premises.

    Not that the iPhone is as potent a potential threat as a PC, Dulaney said. All phones have a security advantage given that they sit behind operators at, for example, Cingular or Verizon.

    Next Page: iPhone faces Internet risks.





      Reader Comments: Analysts: iPhone Has Neither Security nor Relevance
    >>> Be the FIRST to comment on this article!
     


     
     
    >>> More Network Security & Hardware Articles          >>> More By Lisa Vaas
     


    • x}ks8q8cH)ٖcmlk)&ut(8H-I?q /=hɏgo<["Fh4Iș3"9)ٝfߧGo-zIjû@@ezNULsJԶnT7n[#3P/? kLNშ bH%cjA]k&#{F}W&2F6\3Ѣfb ^Pk$ȁ_Mܦ%yH}LDRNϊmzO|׶ַ0>t@ߨVANÉ,}!*{:OJ%hᐨ1"|x\gOгƏ;gPQ~X?>خq4]"X'[vkx!Dy!rs#gsݻ`$fRvGn(Gd`jĤAR-XD2M*-f;Ӂk)ux55\`p)jPX6{n_w$z(֝z$]+~daSCqH'l6XpaRښg?-I| H8CEnU![۾tsgOffe$ENX*o~cn>LjXv=:}Yͼ`F3l˸;4 @SKVUBX)ځ^rwwӽm˙[8ӼNǯ3jλ ]` vdu]+h5U9鑋;yи83D9+to&37`JLTRB`d"A 1v|5 3P%JV4E; KHr SdXIC/YTU![cҺ赮.鵎Nڭd̲1<JEӀ Zvb"?ZWkqKN:W}"+|qg5M0\̱:֪V]`CK'^C&A]R${3BDȭ`g/3A.r)i t`o8{ØWX\E< [˚&zlNTVʒ0Wb{(QO .uFVuLn?LqJXx7Y`A-E`\77J_)Ab/*5U95|Qnl :2X jX2nҡ>OςIutO|BMk6tI< EC#mxqZ.S+ЍEXn`vt"I47X0=cOg6%_¤>< V=H:}mP``#eg! uK ΝdrkoMC?Ftzt t,/G`\@8)Hpy E]ub3B[>ȁ=woMou &QsfPBԁ.q<ɜ+) X@H>'hI#r Bг!,`@o%`9`P􎄰R1iJlRi 3wRTD;7 KŔ=*%nqR%a 934YIjL=?j1!UG,D`v9J,L.[ O6je[+R,4T(9 uO+ZIQ Q#U^?)p[L9 =:3MG3{wD` [q37oj7ab#C[l;2` Mbb6c{A3uOP#'Կ ;3ס.ç[N=\҃1 4fgܗ n'd50K%gYA3'|(@]4>+WUPÃ"`"+42[=! = \PȭT)w^IY䞅T_9YX X` ,R?v'6I Xh8G/C4jM24$֒fRu-zց$l J=Ұ.Z*![r5}a׼6F]RZRKHDlPc/΅ò={j -j&[?&TYOLYV<jISʁbY;7l ʸfJirir68u>)MKϵ("ݩ{zl>vGl#p:hBJmHw:vJ[Y*,aRhjUVL-F*|( +ҵ瓩; Ң{Z^Sv;Za6OZ- VU>cCLmRM}Bu߲ӧ㎃WKH.ZYCٰ\R ~j"yd\s˰e0Ȧ\Q݀+ RN0])Xk±&>,<<+ڂh0A  ~"]j90 h3}!T0|,WTˈ`mS@AkSU Փpm@݀Ē@a1:C.5fz_=2dB4]ej,A@{BRT j%&09*ERgD+9NԀN_㬯8^~b-4/|Qj}zMMG>sn.μ + '3E<&V$,p2HU>X}`/cҧ8@ĺU0UESUG++^>F]hC\4<}gc4pf mWq=YJkjXXRO-8 _k9 c ,rڹm?ReW᧘TVQqiϹu8|[\ZS Q|7z0dƏQabY[ ສTjՂʾ_ڳqWcg)h"QkF:Fd@tΈ+6RЎT8ί!)q>:(TX7cmE{H^ac7U[@oF)/ZGG&hTJD4875íJx[|8.ozJ~Qby2UG3dߊ'zfk}#{-%r zĀDh{ ~|UM+%ۂe2&0҃F5c;[* <Wk*k.zuf6a*r1=_?L] [L4zɖ0`OO- v uhՂrO'(3߹rf>k5VΚ>9lv'G< hr͵m7f>;"c'ۭ>Ra#Z7pթrVgHWtČerN-×ɴ~<^g?UU;MyUf̐,*Aj]K>a51r&`֮o,sqIy>ML "iBq=C H\WK{(,~W9ـo |\V*Z솃d9#T`| @-!y?'߾b[D ?wLaV*c7x~.Rȓ$>DQkF\12a7ZPf#111u/x{~iwoתۃ)bn}+ =|Y+ t;?\{}EO:iϾ&=~?<{>aa= ^"};Zj\.0M_qt@`UUű>o~hc0.[mj2m&A)`o>{9"b{<>n_|;ᳳI/`yA+^s.7>/ė4G?w@-)u ׹o= r@pAj?\'d0| stj^7b `[&IEqD=Sk!xΰ;h!/g^|%\I\5g0 `m7c!Ί V`!w1dOR (ʁHR ~tq{yN .gfO$@A48XS(+RJ)"4FYO |ώ[G&g <@&9NgpDﶿPo1Mr!}K_cOߗf4~ P=8Y,lrh%縵vq3a~:)}B/g-N9˝~@Ҽv(o ="HtSϭ+}2L:&r֚S%[@aLӆ'>eax!w mn?8D@ISL'SQ(I[`deanKl?aRL锐'.ϓ|Nhk'I^VR6T$4%!44QLNbC]F+C7g ҽl^lNpVHpo6_xvImK$Ζˬ&!̗4.נzY8V#vp~t`}QגZ4ҫoeW!9 ?<)9Gs`*#=SL aʕ}rWkb~]4ZU$=ݙ8F`푶cɹ``'#9ʼS3`Z GW ./}ĿW}1kyT̵jПs2]c>^Y ]s>ͥ=`8M\gwhG(V=w9c2G4aϝUkݮ< #3Cӝ薃]LH׺"͋/SP+]Ƃ'z :t{DoX7ۨ;.|ʜ(=~!GFzzy}:9oa`JgfnmԕELf0>ovR8}'i?wݷ;i9niamUzx J}~Nl't2D(jySa{wȪ̅S.ۉNgS^q,<&j%3 =ki^x̠t8s 7{~}!.u?.sT7?_eҰKw= =z .+-R!EkEwWUK OWgʢE:'%mK`#iv.R_;+!bi4V;Tf{ds̷kH:>dO>^jDmY ~'AXy Vorl8Grs&}x2F'eۡ܍)“g$`GDA|ég6A jmgwpUE0p>-KHbwl[#ƣt-C򽱢vpf:qp*/9;LmXS|  \(.BӞ Xl떟2d]ԶZYɻb}, u']}Ha!3}qfPSCǽ'I_tAldX+U nx~9~Il~ =eۄ{)6MK0uF^YC{Mclj~n2>\OpE15`lfxNhB;:0erʄB&X FˬWJjC__n:$AgQ5"?gF9g~͋&빃,3~[-kjV; 5j|jLDxDF#Ȃd pOE5˜cyj^= TIooD6S nj[,:,ʠ d}.YMh4qimAhӔ׆.CL'}1QXT(Mbf[" */Uƒ+,VMb'L$5J^I?yDD" ^\Vb D:(10ަGb8c=>ڄg=SLxE֨}eZ˧$LoD@oph .5}0zAOQPZZpa(ghkڟml|Ƣ({Xmޤx?SllX T؉ j]|t^VZ-aIy#3?:b[P)2 z['Lalu6 ˵,KtA|m`/#ҩCQԓB^r\O)bPCN9jw0 EF$/I8 $̅(wOdI$!@/-_*yFS%M{oFնⓚZڔO OK<|e-%ʖ\LkqhH2,Ͱ1z܇* )HjPQhsRa*+@wuqC|mjv.'lE?2@tKu8XFRh*u'LtVftJ oIUE-JL$5`IK8XtC`5K"B}=/B<G=jʦ|XyɹVU$H%d)#0Tj:Z/]S.r%Y.ALd%pw V B~ ti&NŘ4p65Kǖς@21\ FB5g93t_ں0|;;D0NB$b }w65G s*l~mO{CV+<%ɕvH̖㣫lv1i-.} znٞ(`|l B$D Hb܃_ý8Qj< yE}t/SO:wh$CZK  nrLYODH:تQzѭo)z`,W=]$ax7ju@X|V T- Zq #5BO"a[famI6^1Y#sS7gs FcAC53 EϝJ(bNt)vp6ko0ŽL@p+csνGu<iBlKƖ/|k/dt VlZSw tI]uⳅ=3\%H07:3 vy-"ضmX S)r&;5v6yIIci\ZۉҽV2! v e{]_g+^εnU˸m3um!7&.(T zΕ[5s^!`Vy7I*Dv)b y;BSksYS^Iͽڦ/h P|F01  c s(\=~ӧS@VE[6,щ{K*eX -}-%2[>zy{¡YKj|!&[JD:`7SSD 22 Jf68 h` n \D/'? .\.ޮb">U&ܺF?s_7/= ^Fx)CqɃ˼ uM^Nړm!N{{X ђ,#Ћ'gÌRdt3 3"n;? <;F1 b\N鬆X<d t7,G?PM=яw[ň> *6V8E -96i[> O]I a!/(!/D.>qaI{Md&{ǘ$ auEMm&; kap*bl\M>'p.dˋ}AE!Ljᾠe3)Mt{aҰ>FSYh9r!11\R[~RSWK.>%܋%ӊ,ƻ.c 2[S!1c}TA9-)j" .jD-~0+h1|̓bfă ZOka`;Xikj=!vgC` K.қ≠D37:VYs;7H'ܪzFwIf@jR>]h?1G{US*ZDc]v! 6TɕFsk$-1,TOಈ{=ב:ۮŸ=/bZN{4Mw;a]X2sس&Q&Z:<~Q-mERbdk?o(?L@O `ʖC/0UzpW}@}wújSsb= ^Rc"Wc -~29Qc:q_`ci*qwM[*{5YJ-h>#Թ_Ep_t[6K(B5tMG =& )<]С reOJoIg/4~xl@"s? I:2^cMr+7LCDWROW\q\X!,E||0XV$ʽOg-'B s|=>ƒsH ]TW\A&x Oғ]g]LªC^M}S l  \Zs4aozEW)̼n_dÀ3{QEDϤ"c*41GJ[!}seMNZpxXҚ0! YC) Q? x26 mDRPi ctkX,;j9{5A=ӾdbWoP$P +wdc||9O_H"d&@Q:AU 7OT-,(!簺)%D7UI8FE0]F"^ ӻq ߍqWiN +fɻS:rtT(ʞ2|{` f> cWv[7'ΥiDZ|xL ]ǒ 4Bq0hVX!oX6ce3JP>bJU(IhRW|W |+R0oo@fY#Utӄ^I+\A] / PIZ  W{}KISko;7}srҹ"MrrjU\YODa[+p \MnaQIuyվ'31F;6M&JrdeAN.-f(D3\h^E,^;KK"顱8ԝ(k.!jbTũ4M?z WnW˦V\k!h<@Vʼnt,ZSrZOmj6^V CptYmn¸~(hOuQt.ZFhR3`dzP1+(GMfFy;@VF/?d!vq^_>5_;?ϴ/2vnF( eٮq1>,@ }3s?9yg'EF/>CS(?(-3a|/2"C~.`.2Ưw2dN~Kx2+ BB2(O_23*}g ]CuV9u^C_]g_ryʛrּą)aFy)8RErXB]dנ/ydֺWWV5VlNA6Kրg>YپGh O D,| e%Hi_1\n9>_}#xr܌3:Xw[Gڽ/ii]]4-ЙMA]e[i"B8#0dH= S0"wEmz(J {0vǝL;a[@R'l VT+[-WJr 7{DDã*R%}e`R++PPफ़h[iRo視 yVi8an%[z?"0^?&GGuD_ŗ1] {7/ ^"_{_۱ Cf@2b'`{z9(h$3o 3mF6.eа!,%sv[F0 #|򷁞NM3DX&58W!-76@c d߻E!,̇ O?g)b|+}*Յo\&3]" 9oє^\C΅*˗ X֭2gx¡}uQY?gY'lybb)mԿ+ H:uH-;$} F(r!>pax~pt䍛4s1:X?aprb2 BL'o&x W4FȊ+qTM{p11OxWtcLiU/N 6틷'YLAƊv3Fdu#aq1+ )?M::Dtx^3u9N"Mџ6̈wy&bb ?0g3g;S 0@ `;Lx wLJ ?[>KGJLƎ$}mM91r&S)Y`_GFb#+&<ͅ*q8w ɰ\,Nd=*VF}v{VX#eMNL/E۾$]מ V]ނ?& hƵaitS4H(d454tZзkdYŝ"ə W Bx YT8T"vc{[/AI)H[aʹD6vn =c,/|x/ē_| Obx`#Yұ ߚP TD"vy9= |IӤd/+2b%#HYUҎ?Bo&^!#R.ܐOF{/)0XPy74<p2I0 `{)`, "@"drtPŗ-;  Mm+#84B>ܼmQ޺%pm.;x<,O1Su Ыv.9|x@loM.1ue|nHHUƧf2{M;:h u-IS`Ba2\PGx kyfŧW<߶nJP+jdV@8l:ؖ?^ c/!+$~Il=du-Wr 1e~8Şi#d}@ ](ۊnfة`y%K@44 pS`hup#1tVB\ (at!L/Q!?cumnBQXƺa#¶u4mѱoXL\7TTVwQo)A\'X3'5cgb@8f{9rW=?5zlvjsxy|u2^GB~@dyX\F ZxyU~ҥN.I,g`aQd+8*)ؐrm5'0X1'(R9(t&0 'Ɣ ϰO"- sK׶9),#w:gy/|gvC{%=\s&&tصa=%hw2b5_yfϸ1,#ֻŠN|]嬵t1NʓEO:iϾJz{`gnk+O(QF2p_Q|9\`g` /=l}ptq,m9EKB\ D>Vy|ܾ &ȕ/g2F#oUAޚZf]Z%Nbj| dl3W R6vSF'a9PU>\JBS+$X/WfDNƇ̎}>4m&l2)v}ml-c6C-; iQO-