Login  |  Register  |  Contact

iPhone Security Updates

Like many potential iPhone buyers, I have been checking the news releases from the Apple WWDC every hour or so. Faster speed, better camera, better OS, new apps. What’s not to like? From a security standpoint, the two features that were intriguing for me and (probably) many IT organizations are the data encryption and automatic remote data wipe options. From MacWorld:

For IT, Apple has added on-device encryption for data (backups are encrypted as well), plus a remote wipe-and-kill feature for Exchange 2007 users. Non-Exchange users can get remote wpe-and-kill if they subcribe to Apple’s consumer-oriented MobileMe service. In either case, the wiped information and settings can be restored if you find the missing iPhone.

Much in line with what I was thinking in the Friday Post, it appears that Apple developers are way ahead of me. This clears a couple major security hurdles for corporate adoption of the iPhone, and helps the iPhone to continue its viral penetration of corporate IT environments. Very smart moves on their part to fill these gaps. The “Find my iPhone” feature is a neat bit of gimmickry, and helpful for distinguishing whether your iPhone went missing or was stolen. I have trouble believing it would be very effective for recovery, but it is enough information to decide whether or not to remotely wipe the device. And with the ability to recover wiped data through MobileMe, there is little penalty for being safe.

Then, leave it to AT&T to kill my happy iPhone buzz. Tethering? Nope. Any product vendor will tell you that that if a customer asks you when they get some cool new feature, you talk about what a wonderful advancement it will be and then set realistic expectations about when it will be available. Your response is not “Well, that will cost you more”. No wonder AT&T was booed on stage. It looks like by the time tethering is available, AT&T will no longer have its US exclusive arrangement with Apple, and no one will care that they don’t seem to care about customers. Or timely feature enhancements. Or that they are denying loyal Apple/AT&T customers a discount to buy a new phone and give the old phone to someone else who will need to use AT&T. You see the logic in that, right?

—Adrian Lane

No Related Posts
Previous entry: How Market Forces Will Alter Payment Processing | | Next entry: Database Encryption, Part 2: Selection Process Overview

Comments:

If you like to leave comments, and aren't a spammer, register for the site and email us at info@securosis.com and we'll turn off moderation for your account.

By tim  on  06/09  at  03:50 PM

Remote wipe won’t work if the phones not on the network.  So if you find one - just remove the sim card.  The blackberry has an option that will tell it to wipe if its off the network for a specific period of time.  But apple is getting closer.  Also - its unclear what the encryption is and how its deployed.  I haven’t been able to find any real information on it.  I’ve enabled the encrypted backups but still looking what is and is not encrypted on the phone.

And the ‘find my iphone’ feature stops being gimicky once you actually lose the phone.  These feature would of helped me when I did lose my iPhone back in January.  I thought I lost it running errands but it was in a snow bank in front of my house.  Somebody found it when the snow melted and called me.  And thing is - after a month in a snow bank the darn thing still worked.

By Rich  on  06/10  at  10:19 AM

Apple does have a passcode lock with wipe option- I think the combination of the 2 is pretty reasonable, assuming users turn on the feature (which most won’t).

Name:

Email:

Remember my personal information

Notify me of follow-up comments?