Informal Brain

Just another sign that IBM really “gets it” when it comes to iPhone security. I happen to work at a Lotus Notes shop and we have been taking a strong look at the iNotes Ultralite application for some time now. You may have seen some of my previous posts about the lack of enterprise level encryption for email on the iPhone. This is a show stopper for our company where we manage complex PHI (Personal Health Information) for our customers. We can’t afford to loose even one device (laptop, smart phone) which is not encrypted.

IBM is always concerned about data security for its customers, and as such they decided to make iNotes Ultralite a web app rather than a native iPhone application. IBM felt it was important to customers to insure that all communications between the iPhone and Lotus Domino server be encrypted, and that no data remain on the device in case it was lost or stolen.

[From iPhone in the Enterprise: Lotus iNotes Ultralite - The Unofficial Apple Weblog (TUAW)]

I suspect we will see a native Notes application for the iPhone or a plugin for the native Mail application in the future when encryption is available. Until then, IBM is delivering what we need right now.

Just when you thought you got rid of that incriminating email on your iphone, or removed that suspect web site from your cache you might be surprised to hear that the iPhone captures an image of the application when the “home” button is pressed.

As widely reported, the iPhone takes a screenshot every time the home button is pressed so that the 3D “zoom” effect can be processed when the application zooms in and out, when suspending and resuming applications. These shots are stored, at least temporarily, on the device, presenting potential privacy issues.

[From Keeping Your iPhone From Spying on You - iPhone Atlas]

A forensic analyst can retrieve the images from the phone by mounting the disk and using data recovery tools to reconstruct the images as they are not actually removed from the disk, just the pointers to the files are removed. This continues to demonstrate that the iPhone cannot be treated as a secure device. The iPhone atlas site demonstrates a way to disable the image storage on a jail broken phone. For the average user, be aware that your iPhone is keeping a log of your activity.

I continue to make the argument for encryption. To make that a reality, with good performance, Apple may need to embed a dedicated encryption processor to the device.

In the past couple of days there has been a sudden outcry around the security issue with the iPhone pass code bypass issue. I loved this comment on iPhone Atlas today:

“The iPhone is a computer, just like a desktop computer, and so it can easily be booted in such a way that one can mount the disk and delete or modify the device’s configuration - including the passcode configuration. Cracking the iPhone’s passcode is about as complex as changing the root password on a desktop machine, given physical access.

[From iPhone Security Flaw Is the Tip of the Iceberg - iPhone Atlas]

This is something I have been pointing out for some time now. The iPhone doesn’t have any kind of storage based encryption so as the author of the above quote so readily points out that mounting the iPhone as a disk allows access to the configuration files. This allows easy editing of the PLIST files allowing a hacker to disable the pass code and steal the data.

For some time now I have been calling on Apple to give us encryption as an enterprise feature. I noted in a previous blog post that device encryption was the missing enterprise feature when the 2.0 software was announced. I was in shock when I watched company after company (including the military) laud the iPhone 2.0 software. Did they miss the point that the device can be compromised so easily putting their mobile exchange push data at risk?

We need to pressure Apple to add encryption to the device while fixing these pass code problems. Only encryption will protect the device from being mounted as a disk. Until then I would not store sensitive data on the device using push email from exchange, LDAP or POP3. I would be very careful with webmail solutions. For example, we are asking lots of tough questions to IBM around iNotes for Lotus Notes and how much data it allows in the browser cache.

Ask the tough questions…. and continue to demand encryption.

http://mobileforensics.files.wordpress.com/2008/02/iphone_passcode_workaround.pdf

This type of information shows the iPhone is not ready for enterprise use where critical information may be stored on the iPhone device.

I continue to call for a strong encryption solution.

See below:

Earlier this week, the iPhone Dev Team released WinPwn 2.0, a tool that allows Windows users to jailbreak iPhone 3G units. However the initial release was affected by an issue that caused the Ipwner component to crash. A new version, 2.0.0.3, has now been released, resolving this and other issues.

Jailbreaking allows full read/write filesystem access and the installation of unofficial third party applications.

[From WinPwn 2.0.0.3 successfully jailbreaks iPhone 3G for Windows]

Notice the full read/write access to the filesystem. In fact that is the biggest risk item to an organization deploying iPhones for corporate use. If one of these devices falls into the wrong hands it is probable that someone could jailbreak the device and access the data stored there.

We are even questioning if webmail is a good enough solution. What happens if sensitive materials are stored in the browser cache?!

I really suggest organizations think twice before deploying the iPhone as a corporate device. Know the risks to the email, calendar or browser data that could be stored on the device’s flash memory; then make an informed decision.

Encryption is the answer, I call upon Apple to deliver it.

Steve Jobs presented a list of features demanded by the enterprise for iPhone 2.0.

I was surprised to still see data encryption missing from the list. Especially with beta testers like the military and healthcare / pharmaceutical companies.

Remote wipe may solve some of these concerns, but I would still worry about my device and the stored data (like email) if it ended up in the wrong hands.

Turns out the iPhone passcode is not very secure at all. Jonathan Zdziarski notes:

As discovered by Jonathan Zdziarski, who has established himself as something of an iPhone forensics expert, the iPhone’s passcode mechanism should leave you feeling neither smug nor secure, and represents little more than a mild deterrent for would-be viewers of your private data.

[From iPhone passcode can be easily bypassed - iPhone Atlas]

In the referenced article are steps to hack into the device and replace files by manipulating the disk directly. What this proves to me is that Apple should look seriously at using some kind of on disk encryption for the iPhone which can be optionally enabled and then secured with a user password. This would avoid the issue we see here because the device itself would no longer be a target of a direct disk attack. I have previously written about how I believe Apple has missed a primary feature related to data encryption on the iPhone. Apple should really bring their FileVault technology to the iPhone and enable it for true enterprise level security.