Expert cautions on very poor encryption security
A well known security expert has posted clips to YouTube showing how easy it is to bypass iPhone passwords and encryption, effectively undermining the latest Apple smartphone as an enterprise-ready device that is comparable with the Blackberry.
Apple has made improvements both in iPhone hardware and its software security lately in a bid to improve its enterprise credentials, but steps taken to better secure the latest editions of the handset do not go far enough, according to Jonathan Zdziarski.
The hacker and iPhone developer reportedly said the measures still fall well short of those developed by RIM for the enterprise favoured Blackberry, and added that he had never seen encryption implemented so poorly before.
Apple has worked up security features that will remotely erase an iPhone’s data in the event that the handset is lost or stolen and for its latest generation iPhone 3GS devices has introduced encryption to prevent thieves from retrieving confidential, sensitive information.
The vendor claimed recently that as many as 20% of Fortune 100 companies have bought 10,000 or more iPhones, and following the success of its App Store which is now well stocked with some useful business applications, more corporate IT shops are having to consider how to support the popular handset alongside more robust alternatives like those from RIM.
So important is encryption to the enterprise smartphone market that RIM was prepared to fight off rival bids to acquire Certicom Corp earlier this year, before paying in excess of $100 million for the encryption software supplier.
RIM already uses Certicom encryption programmes to secure its BlackBerry line and the technology is seen as vital to the continued development of the mobile email favourite. The acquisition could help accelerate take up of the Blackberry device by government and public sector authorities, which insist on hardened security in mobile systems, and the market also expects the popular hand-held device could now be developed into a platform for digital wallets and secure m-commerce.
It remains to be seen how Apple responds to calls that the iPhone security is beefed up for business use, but more on the vulnerability of the device can be expected from this week’s Black Hat hackers conference in Las Vegas.