Analysts: iPhone Has Neither Security nor RelevanceBy Lisa Vaas | Posted 06-22-2007
Or, then again, depending on which iPhone watcher you're paying attention to, the iPhone security is irrelevant compared with "insecure wireless access points, tape backups disappearing, wrapping your newspapers in customers' personal financial information, and stolen laptops."
The iPhone won't go on sale until June 29. Up until now, and probably until it hits retail shelves, Apple has given next to nil information regarding the security features its first smart phone will have, making security analysis little better than conjecture. The few pieces of security background analysts have to go on include these tidbits: 1) The iPhone will run on Mac OS X and 2) the iPhone will run Apple's Safari browser.
The security experts who are worried about the hot, new gadget base their fears on the fact that the iPhone will be capable of much of the same functionality as the BlackBerry, without the enterprise-class security: The iPhone can access e-mail, the Internet and SMS, and it can store a plethora of sensitive data in its contact and organizer functions.
"The BlackBerry has over 200 security policies that permit enterprises to turn off its camera, force password changes" and prevent browsing certain sites, among other enterprise-class security features, said Ken Dulaney, an analyst at Gartner. "I'm 99 percent sure that's not where the iPhone is taking it. If [such security features] came from anywhere, it would be from third parties. BlackBerrys are going to kill [the iPhone] from a security [perspective]."
Note: The BlackBerry's security profile isn't necessarily faultless: Symantec researcher John O'Connor put out a whitepaper on hacking the device in the fall. The paper was subsequently removed from Symantec's site, however; O'Connor said the reason for the removal was that he hadn't considered "the effectiveness of all possible security features that might provide mitigation of the impact of malware and the management of application permissions."
Still, BlackBerry security headlines have covered, among other things, a DoS (denial-of-service) bug in January 2006, the release of exploit code in August 2006 and the ability for attackers to purchase a $100 API developer key to enable data theft off the devices.
Andrew Storms, director of security operations at network security firm nCircle, who called the iPhone a "security nightmare" in a recent post, has gone so far as to post a list of security-related questions that he wants Apple to address in a public forum before organizations "reel this new gadget into" their security policies. To wit:
Gartner plans to recommend that businesses don't allow iPhones to come onto their premises.
Read the full story on eWEEK.com: Analysts: iPhone Has Neither Security nor Relevance