Simon Bisson & Mary Branscombe's Blog

Supporting iPhones and Exchange? Today could be a very bad day…

By Simon Bisson & Mary Branscombe in Editorial

Posted in Enterprise, Security, Email, Apple on September 14, 2009 at 8:48 am


If you’re an Exchange admin, use the “Require encryption on the device” policy, and you’ve got users out there who are using first and second generation iPhones to get their mail over Exchange ActiveSync, then be prepared for a whole rush of support calls as users update to the latest version of the iPhone OS.

Why?

Because iPhones have stopped lying to Exchange servers.

The hardware in earlier iPhone models doesn't have the power needed for whole-device encryption (you need the 3GS for that), which means that if your business needs to secure its mail, most of the iPhones out there can't be trusted. The catch is that Exchange can't check for itself whether a handset is encrypted: it has to take the handset's word for it. Earlier versions of Apple's iPhone mail client simply ignored that policy setting and reported back to the server that all policies had been applied.

That meant that devices that should have been encrypted (for corporate or regulatory reasons) weren't, and all the mail on them was available to anyone with a USB connection and the appropriate software.

As I'm sure you can guess, that drove a coach and horses through your security policies and opened your business up to all sorts of regulatory problems.

Now, at least, those phones will report honestly that they can't apply the policy, and they will stop getting mail.

But it’s a bit of a worrying thought that one of the most popular phones in the world was skating past security policies. Of course that leaves us with two more worrying thoughts:

First, how many other phones out there are doing just that without you knowing?

And secondly, just how are you going to tell your bosses that they can’t use their phones for email any more?
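The check an admin can do today, as an added example that is not code from the original post: export the device list from Exchange and compare what each handset *reports* against what its hardware can actually do, trusting only models you have verified. The export column names, the `AppliedInFull`/`NotApplied` status values, and the `iPhone1C1`/`iPhone1C2`/`iPhone2C1` model strings are assumptions about how a `Get-ActiveSyncDeviceStatistics` export and the handsets label things; the sample rows are constructed, not real data.

```python
import csv
import io

# Capability table. The post says the original iPhone and the 3G cannot do
# whole-device encryption and the 3GS can; the model strings are an assumption
# about how each handset identifies itself over Exchange ActiveSync.
NO_HARDWARE_ENCRYPTION = {"iPhone1C1", "iPhone1C2"}  # original iPhone, iPhone 3G
HARDWARE_ENCRYPTION = {"iPhone2C1"}                  # iPhone 3GS

# Constructed sample export (assumed to be a CSV of Get-ActiveSyncDeviceStatistics
# output); not real data. The status column is the device's own self-report.
SAMPLE_EXPORT = """\
Identity,DeviceType,DeviceModel,DeviceOS,DevicePolicyApplicationStatus
alice,iPhone,iPhone1C2,iPhone OS 3.0,AppliedInFull
bob,iPhone,iPhone2C1,iPhone OS 3.1,AppliedInFull
carol,iPhone,iPhone1C2,iPhone OS 3.1,NotApplied
dave,PocketPC,HTC Touch Pro,Windows Mobile 6.1,AppliedInFull
"""


def classify(row, require_encryption=True):
    """Decide whether one device's self-reported policy status can be believed.

    Returns one of:
      trusted             model is known to encrypt and reports the policy applied
      false-compliance    model cannot encrypt but claims the policy applied
      honestly-blocked    model cannot encrypt and says so (server withholds mail)
      not-compliant       model could encrypt but reports the policy not applied
      unknown-capability  no verified capability data for this handset
    """
    status = row["DevicePolicyApplicationStatus"]
    model = row["DeviceModel"]
    claims_applied = status == "AppliedInFull"

    if not require_encryption:
        # Without the encryption requirement the self-report is all there is.
        return "trusted" if claims_applied else "not-compliant"
    if model in HARDWARE_ENCRYPTION:
        return "trusted" if claims_applied else "not-compliant"
    if model in NO_HARDWARE_ENCRYPTION:
        return "false-compliance" if claims_applied else "honestly-blocked"
    # Anything not verified is treated as unknown, never as trusted: the
    # server's status field only tells you what the handset said.
    return "unknown-capability"


def audit(export_text, require_encryption=True):
    """Map each identity in the export to its verdict."""
    rows = csv.DictReader(io.StringIO(export_text))
    return {row["Identity"]: classify(row, require_encryption) for row in rows}


def needs_attention(export_text):
    """Identities whose reported compliance should not be relied on."""
    return sorted(ident for ident, verdict in audit(export_text).items()
                  if verdict in {"false-compliance", "unknown-capability"})


if __name__ == "__main__":
    for ident, verdict in audit(SAMPLE_EXPORT).items():
        print(f"{ident:8} {verdict}")
```

In the constructed sample, alice's 3G still on the older OS claims full compliance (the lie the post describes), carol's 3G on the updated OS now reports honestly and will lose mail, bob's 3GS is genuinely fine, and dave's Windows Mobile handset is flagged as unknown rather than trusted, which is the answer to "how many other phones are doing that?": you don't know until you have verified the model.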



Comments

Comment by fireball_xl5 - September 15, 2009 on 9:17 am

But surely all those experienced Exchange Admins out there would have rigorously followed their corporate tried-and-tested Release/Deploy and Change policies, processes and procedures and identified this security issue PRIOR to rolling out the phones… wouldn’t they?

Comment by David Bradbury - September 15, 2009 on 10:58 am

We never allowed iPhones to connect to our servers. Not because of the security but because we couldn’t be bothered to support different handsets. HTC Touch Pro for everyone here. It’s not a great phone but seems to do for business purposes.

Comment by Simon Bisson & Mary Branscombe - September 15, 2009 on 11:02 am

@fireball - but how would you know that a handset was accepting the policy and not doing the encryption? Nokia N series phones don’t have the oomph to do the encryption, so they don’t get the mail - Apple just lied to the server. It’s all about root of trust, and Apple dug that out.

@David - have you checked out the Touch Pro 2? Beautiful, beautiful business phone with a superb speakerphone and phone conferencing tool.

Comment by 6tricky9 - September 16, 2009 on 8:27 am

@Simon & Mary: “But it’s a bit of a worrying thought that one of the most popular phones in the world was skating past security policies.”

More hype — it’s a fact that the iPhone is still a *minority* player in the mobile world. It is *not* one of the most popular.

One can never fully trust any device that runs secret, proprietary code for the simple reason that it cannot be tested. You don’t know what that code is doing; that’s what makes it secret. When are people going to realize that?

Admittedly, in the mobile world there is not much choice at present, but Android has begun to change that.

Comment by Simon Bisson & Mary Branscombe - September 16, 2009 on 11:06 am

@tricky

The iPhone hasn’t sold as well as the BlackBerry, certainly, and overall Windows Mobile has sold more - and of course Nokia is still the big name in Europe at least. The G1 sold perhaps 100,000 units in the UK; iPhones and various Windows Mobile units sold more like a million in the same time. The iPhone has plenty of flaws, but you can’t seriously deny that it’s popular.

Android isn’t offering any more choice than any other smartphone platform and I’d encourage you to go find out exactly how much of the Android platform is open source and how much of it isn’t, and perhaps to learn about platform APIs that allow you to discover what an OS is doing without delving into source code.
M

Comment by 6tricky9 - September 16, 2009 on 5:38 pm

@Simon & Mary: You told us that the iPhone was not just popular but was “one of the most popular phones in the world”, so I’ll say again — stop hyping it.

I also find your reply incredibly patronising. You suggest that I “learn about platform APIs” but you know nothing about me or what I do. If you seriously believe that you can “discover what an OS is doing without delving into source code” then you are the ones that should be re-educated. If an API gave you all the information about a secret, proprietary OS then it would no longer be secret, would it? Even reverse engineering rarely provides all the answers. All an API of proprietary code does is to supply you with the information necessary to hook into that code. As the acronym suggests, it’s merely an interface — an Application Programming Interface.

Furthermore, as you appear to know so much about Android perhaps you could reveal to us “how much of the Android platform is open source and how much of it isn’t”.

