With Apple pushing harder and harder to get the iPhone a foothold in the business ... Apple iPhone News forum
iPhone Cryptography Lacking
With Apple pushing harder and harder to get the iPhone a foothold in the business market, it seems that one of the most important considerations would be device security. Just think of all the emails and phone numbers floating around on the devices of some of the top executives today, containing new ideas, internal memos, and who knows, maybe your name, address, and phone number. However, according to one industry tech, the encryption method in the new iPhone 3GS is no better then previous versions of the device and is "useless for businesses".
Jonathan Zdziarski, an app developer and proclaimed 'hacker', was quoted as saying, "I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security." and "It is kind of like storing all your secret messages right next to the secret decoder ring.". He even goes into detail as to how fast the data could be extracted.
Full article here..
A good read thanks. I love reading these articles. There are so many factors I would not even know where to begin on the topic of cell phone security. The last line should sum it up for most users.
“We’re going to have to go with the old imperative of ‘Trust no one,’” he said. “And unfortunately part of that is, don’t trust Apple.”
Let's not forget it's a small mobile device which can walk off at any moment. My wallet and keys also are similar in they contain items I would not want others to have access to and could be used in the same way.
Good article but it just proves an already understood fact - apple was never taken seriously as a business company especially when it comes to security. All of apples products are built on the premise of openness, anyone can connect, access and utilize things that apple makes. Good if you're running a fun house - bad if you are serious about your privacy. I really hope it was never assumed that the iPhone was a serious business device, it is for fun only (an iTouch you can talk on, wait, iTouch has an app for that). I'd get it for music and video - not for emails and credit card numbers.
I hope you realize what he did can also be done with any other phone using different tools (software) a PC and the correct cords. It's not intended to pit anyone against but rather shed light on concerns people may not know about. He does a great job with this type of stuff. I'm glad he is vigilant and stays on top of these things for everyone. I've never done work on an iPhone but have on hundreds of BB's. That's why I mentioned our Wallets and keys. Items like this are inherently not secure for many reasons.
Actually when I first began looking at the article I was hoping for information on the other side like how to intercept data being sent or what happens after we select send etc.
I recall setting in a class one day not long ago and the Key Note speaker began talking about cell phone security (about 300 people) and at the same time 25 cell phone began ringing. The Speaker was making the phones ring. He was pointing out how easy it was as he displayed the names of the people on the big screen. My jaw hit the floor. I shut done my Pearl and pulled the battery and paid close attention.
Wow. Now that is a class I would love to have been involved in. We do tend to take device security for granted and articles like that are a constant reminder of just how much trust we put into our devices to store very personal information.
Originally Posted by srl7741
I'm interested in opinions/guidance the the area of iPhone security and what it really means to implement cryptography on them for the corporate world. Any thoughts?
Tags for this Thread