Tuesday, March 3, 2009

iPhone Security: is the iPhone's security model a threat in your enterprise?

Creative Commons licensed image courtesy Refracted Moments.

SearchMobileComputing's Lisa Phifer interviewed McAfee research scientist Jonathan Zdziarski in a recent article. Zdiarski has done extensive work with iPhone forensics, and points out a number of the major issues with iPhone data security including:
  • The easy with with the passcode can be bypassed
  • The lack of secure deletion, either via a native utility or an App store application
  • Lack of encrypted filespace based on a key in the OS partition
  • Unencrypted data synchronization
If you're facing iPhone usage in your organization, this article is one of the better recent overviews. For now, following the CIS iPhone security benchmark draft may be your best bet if you have to support iPhones.

No comments: