Simon Bisson & Mary Branscombe's Blog

Supporting iPhones and Exchange? Today could be a very bad day…

By Simon Bisson & Mary Branscombe in Editorial

Posted in Enterprise, Security, Email, Apple on September 14, 2009 at 8:48 am


If you’re an Exchange admin, use the “Require encryption on the device” policy, and you’ve got users out there who are using first and second generation iPhones to get their mail over Exchange ActiveSync, then be prepared for a whole rush of support calls as users update to the latest version of the iPhone OS.

Why?

Because iPhones have stopped lying to Exchange servers.

The hardware on earlier iPhone models doesn’t have the power needed to support whole device encryption - you need the 3GS for that - and that means that if your business needs to secure its mail, then most of the iPhones out there can’t be trusted. Apple’s earlier versions of the iPhone email software just ignored that policy setting, and reported back that all policies had been applied.

That meant that devices that should have been encrypted (either for corporate or regulatory reasons) weren’t - and all the mail on them was available for anyone with a USB connection and the appropriate software.

As I’m sure you can guess, that drove a coach and horses through your security policies, and opened your business up to all sorts of regulatory problems.

Now at least those phones will stop getting mail.
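The trust problem described above, modelled as an added example (not code from this post, Apple or Microsoft): the server pushes the encryption policy, the client reports a status, and the original server logic takes that status at face value. A hardened variant also checks the reported model against a list of models known to encrypt; the status strings, model names and the allow-list are assumptions.

```python
from dataclasses import dataclass

# Server-side policy, mirroring the "Require encryption on the device" setting.
POLICY = {"RequireDeviceEncryption": True}

# Constructed allow-list of models known to be able to encrypt on-device
# (per the post: the 3GS can, first and second generation iPhones cannot).
ENCRYPTION_CAPABLE_MODELS = {"iPhone-3GS"}


@dataclass
class Device:
    model: str          # model string the client reports (also self-reported)
    can_encrypt: bool   # what the hardware can actually do
    honest: bool        # False models the pre-3.1 client that reported success anyway

    def acknowledge(self, policy: dict) -> str:
        """Client half of the exchange: the status it reports back to the server."""
        needs_encryption = policy.get("RequireDeviceEncryption", False)
        if needs_encryption and not self.can_encrypt and self.honest:
            return "failed"
        return "applied"   # either genuinely applied, or falsely claimed


def trusting_server_allows_mail(device: Device, policy: dict = POLICY) -> bool:
    """Original server logic: whatever the client reports is believed."""
    return device.acknowledge(policy) == "applied"


def hardened_server_allows_mail(device: Device, policy: dict = POLICY,
                                capable: set = ENCRYPTION_CAPABLE_MODELS) -> bool:
    """The self-report is necessary but not sufficient: the reported model must
    also be one the admin knows can encrypt. The model string is still
    client-supplied, so this narrows the gap rather than closing it; the root
    of trust remains the client software telling the truth."""
    if device.acknowledge(policy) != "applied":
        return False
    if policy.get("RequireDeviceEncryption", False) and device.model not in capable:
        return False
    return True


if __name__ == "__main__":
    fleet = [  # constructed sample fleet
        Device("iPhone-2G", can_encrypt=False, honest=False),  # pre-3.1 firmware
        Device("iPhone-2G", can_encrypt=False, honest=True),   # after the update
        Device("iPhone-3GS", can_encrypt=True, honest=True),
    ]
    for d in fleet:
        print(f"{d.model:10} honest={d.honest!s:5} "
              f"trusting={trusting_server_allows_mail(d)!s:5} "
              f"hardened={hardened_server_allows_mail(d)}")
```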

But it’s a bit of a worrying thought that one of the most popular phones in the world was skating past security policies. Of course that leaves us with two more worrying thoughts:

First, how many other phones out there are doing just that without you knowing?

And secondly, just how are you going to tell your bosses that they can’t use their phones for email any more?


Comments

Comment by fireball_xl5 - September 15, 2009 on 9:17 am

But surely all those experienced Exchange Admins out there would have rigorously followed their corporate tried-and-tested Release/Deploy and Change policies, processes and procedures and identified this security issue PRIOR to rolling out the ‘phones… wouldn’t they?

Comment by David Bradbury - September 15, 2009 on 10:58 am

We never allowed iPhones to connect to our servers. Not because of the security but we couldn’t be bothered to support different handsets. HTC Touch Pro for everyone here. It’s not a great phone but seems to do for business purposes.

Comment by Simon Bisson & Mary Branscombe - September 15, 2009 on 11:02 am

@fireball - but how would you know that a handset was accepting the policy and not doing the encryption? Nokia N series phones don’t have the oomph to do the encryption, so they don’t get the mail - Apple just lied to the server. It’s all about root of trust, and Apple dug that out.

@David - have you checked out the Touch Pro 2? Beautiful, beautiful business phone with a superb speakerphone and phone conferencing tool.

Comment by 6tricky9 - September 16, 2009 on 8:27 am

@Simon & Mary: “But it’s a bit of a worrying thought that one of the most popular phones in the world was skating past security policies.”

More hype — it’s a fact that the iPhone is still a *minority* player in the mobile world. It is *not* one of the most popular.

One can never fully trust any device that runs secret, proprietary code for the simple reason that it cannot be tested. You don’t know what that code is doing; that’s what makes it secret. When are people going to realize that?

Admittedly, in the mobile world there is not much choice at present, but Android has begun to change that.

Comment by Simon Bisson & Mary Branscombe - September 16, 2009 on 11:06 am

@tricky

The iPhone hasn’t sold as well as the BlackBerry, certainly, and overall Windows Mobile has sold more - and of course Nokia is still the big name in Europe at least. The G1 one sold perhaps 100,000 units in the UK; iPhones and various Windows Mobile units sold more like a million in the same time. The iPhone has plenty of flaws, but you can’t seriously deny that it’s popular.

Android isn’t offering any more choice than any other smartphone platform and I’d encourage you to go find out exactly how much of the Android platform is open source and how much of it isn’t, and perhaps to learn about platform APIs that allow you to discover what an OS is doing without delving into source code.
M

Comment by 6tricky9 - September 16, 2009 on 5:38 pm

@Simon & Mary: You told us that the iPhone was not just popular but was “one of the most popular phones in the world”, so I’ll say again — stop hyping it.

I also find your reply incredibly patronising. You suggest that I “learn about platform APIs” but you know nothing about me or what I do. If you seriously believe that you can “discover what an OS is doing without delving into source code” then you are the ones that should be re-educated. If an API gave you all the information about a secret, proprietary OS then it would no longer be secret, would it? Even reverse engineering rarely provides all the answers. All an API of proprietary code does is to supply you with the information necessary to hook into that code. As the acronym suggests it’s merely an interface — an Application Programming Interface.

Furthermore, as you appear to know so much about Android perhaps you could reveal to us “how much of the Android platform is open source and how much of it isn’t”.

