The iPhone security non-story

Summary:David Maynor is hoarding his Safari browser flaws with his eyes on the iPhone.As far back as January, hackers were asking questions about the iPhone CPU and preparing for attack scenarios.

David Maynor is hoarding his Safari browser flaws with his eyes on the iPhone.

As far back as January, hackers were asking questions about the iPhone CPU and preparing for attack scenarios.

The first hacker that breaks into the iPhone will generate lots of headlines/publicity but that's right about where this story ends.

According to this NetworkWorld piece, Gartner will add to the ridiculous hypefest next Monday with a warning to enterprises:

We're telling IT executives to not support it because Apple has no intentions of supporting (iPhone use in) the enterprise," Gartner analyst Ken Dulaney says. "This is basically a cellular iPod with some other capabilities and it's important that it be recognized as such."

Do we really need a Gartner report to tell us that a storage device presents a data theft risk?

Dave Goldsmith from Matasano says it best:

Every device that walks into your organization is just another way for data to leave. Laptops, iPods, cell phones, PDAs and even the dreaded Furby have all gone through this same set of concerns.

Yes, somewhere deep inside of every enterprise is a small team of people that have to worry about data management. And yes, everytime something like this comes out, they have to write a bunch of policy blocking it. And then they have to start relaxing that policy as the devices become commonplace.

If you are responsible for keeping data inside of your organization, for the love of everything that is holy, please don’t spend too much time on the iPhone. Allow us to remind you about all of the data breaches that are happening thanks to insecure wireless access points, tape backups disappearing, wrapping your newspapers in customers’ personal financial information, and stolen laptops.

Space Rogue, a former L0pht member and editor of the Hacker News Network, agrees this is a non-story and argues that iPhone will be much more locked down and secure than your existing cell phone, thanks to the firmware auto-updating mechanism built into iTunes.

iPhone will run a modified version of OSX. That will likely include some form of FileVault, Apple's encryption technology for user files. Thats right, encryption built right in. This hasn't been announced and it might not be in there, but if the technology and the code already exist why not put it in?

iPhone looks to be just about as secure or even more so (no proprietary and closed backend) than a Blackberry, Treo, or Blackjack. Everyone saying otherwise is either a paid MS schill, astroturfing, or just plain idiots.


And the 25+ PR folks pitching me on iPhone security stories to hitch your clients' wagon to the iPhone gravy train, you can stop now.

This is my last iPhone blog entry. Until Maynor or Halvar Flake breaks in.

Topics: iPhone, Mobility, Security


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.