Posts tagged ‘iPhone’

Jailbroken Phones and Corporate Access

September 6, 2011, 11:10 pm

A month ago I posted an article titled Jailbreaking – Unsafe at Any Speed.  That was about the need for companies to have policies against jailbreaking on corporate phones.    Now I find myself in the position of writing policy to allow personal phones to connect to the Good server.   I want to bring the same “no jailbreak” policy over to personal devices and I’m getting some pushback.

For those not familiar with Good, Good has an app for the phone.   The app connects to the Good data center.    A good server in our data center talks to the Good data center and our Exchange server.    In terms of connections it is similar to Blackberry.   The difference is the data is kept within a theoretically secure vault.

In every example of mobile phone policy or discussion of mobile data security it seems step one is don’t allow jailbreaking.   Good has the ability to check for jailbroken phones and based on your config either exit the app or wipe the app.

Jailbreaking iPhones became a big thing for a while.   People like to tinker.   Is jailbreaking necessary anymore?  Jailbreaking predates the appstore.   Now the phrase “there’s an app for that” is a cultural meme.   Jailbreaking was also used to get the phone onto unapproved carriers.  iPhone is now available on Verizon, and a third carrier rumored soon.  There is tethering, but now the phone company wants to sell that to you and will probably catch up with you if jailbreak to tether.    iOS5 is rumored to be bringing in many of the features formerly only available through jailbreaking such as an approved “alert” system and wireless syncing.   Facetime over 3g was also rumored for iOS5.

Jonathan A. Zdziarski made an impassioned plea for jailbreaking.   It is no longer available on this blog, so I’m linking to archive.org.  His argument is that DRM is bad, DRM is not security.  He argues that attacks on jailbreaking are fear-mongering.   Zdziarski wrote that blog post in opposition of Charlie Millers comments in 2009 that “if you care about security, you dont use a jailbroken iPhone.”

More recently, Charlie Miller commented about jailbreaking this August in an interview with Tom’s Hardware.    “Yes, jailbreaking does weaken the security of the device by circumventing the security architecture as designed by Apple (code signing, running apps as user mobile in a sandbox, etc). “   In 2009, he was more bold stating , “The process removes around 80 percent of the security protections built into the phone’s software, making it more vulnerable.” 

Saying jailbreaking is risky for an enterprise phone doesn’t mean it is the model of security if not jailbroken.   The jailbreakme PDF exploit (now patched) used vulnerabilities in mobileSafari and IOKit to priviledge escalate.   The SMS vulnerability Miller found was in the build in SMS software.   Malicious software has made it through the vetting process into Apple’s AppStore.

People are free to do whatever they want with their own phones.   But once you ask me to put corporate data on it, now I’m involved.   I think we need to approach this with an abundance of caution.  No matter how secure an app is it is relying on a untrustworthy operating system if that device has been jailbroken.  If someone used privilege escalation to gain administrator on a corporate computer we wouldn’t say “glad that works better for you” and go about our day.

Up next some similar comments about Android.

Tags: , ,
Category: Apple  |  2 Comments

Pandora’s IPhone

June 8, 2011, 9:25 pm



A few years ago, the pressure was to allow iPhone access to corporate EMAIL.  In spite of security concerns, no one could resist the latest toys.  We re-implmented a Good server (left over from the Treo days) to allow iOS access in a semi-secure fashion.  Now a year later many companies are considering allowing personal iOS devices access to corporate e-mail.  The iPhone it is a very expensive device.  Many users already have their own phone and don’t like carrying two.  It is no surprise then when management wants to allow personal iOS devices.  This shifts the cost to the employee while allowing to any employee willing to foot the bill.

It is argued that Good is a secure container.  We use Good with corporate iOS devices.  We don’t trust the inherent security of IOS itself.  Therefore the executive concludes that if Good is a secure container, it would be equally secure with a personal device.

Welcome to pandora’s iPhone.

The assumption that Good is secure may not be correct.   If the iPhone is found unlocked could an attacker access the memory and find the password for the Good app?   Could the password be in the iPhone autocorrect typing cache?   Who knows.   Once you’ve given in to not requiring a pin for both the phone and for the device, you are in a less secure place in my opinion.

Actually it’s not just IOS Devices such as iPhone, iPad and iTouch.  Anything Good supports would be fair game including Android, Symbian and Windows Mobile.  It’s a burden to stay on top of IOS patching and security concerns. Now we’re going to throw in every possible operating system for mobile phones!

When I look at how other companies addressed personal phones the main concern is legal.  If you have to perform a discovery on a mobile phone provided by the company, it is rather simple.  You take it.  What happens when it’s a personal phone?  Sure you can make the employee sign their rights away as a condition of access to corporate email, but it can be harder to put into practice.

Is it enough to merely wipe that Good application from the IOS device?  It may be desirable to wipe the entire phone.  Once again much more difficult when personal devices are in use.

There are also process problems.  Currently the phone is returned as part of the termination procedures.  We have it.  When it’s a personal phone, this will not occur.  Does disabling the email account necessarily prevent mail from being forwarded to the personal device in Good?  I don’t know.  What if the account is merely expired by date rather than disabled?  This would need to be tested.  At worst, the help desk would need to remember to disable the phone registration in Good at the time of the employee’s termination.  Risk is introduced where none was there before.  Additional work occurs where none was there before

We may not be able to create enforce our own policy any longer, but we’re often under strict customer requirements as they each interpret FISMA in wacky ways.  How does the customer feel about their corporate data being on a personal iPhone?  Are we going to have to create spreadsheet recording customer preferences?  How will we be notified is the employee changes projects?  Sounds like a management nightmare to me.

What about IOS upgrades?  If we force the users to update the IOS on their personal phone and that is bricked whose responsibility is it?  Sure we could have them sign an indemnification before they have access to corporate email but when it gets bricked and they lose data who are they yelling at?  It needs to be clear ultimately they are responsible.  They need to go to the genius bar at the apple store. If they don’t like it, they don’t need to have access to our data.

Even if we assume that Good is a perfectly secure envelope, how much data ends up on the rest of the phone?  Employees use other apps.  Employees may use evernote and sinc confidential data to the cloud.  Ultimately arent we encouraging the use of a wildcard?

While the company may save some costs by shifting that IOS hardware costs and data plan subscription to the End-user.  Ultimately we may have higher fees.  By opening the good server it to anybody with and IOS device we now have substantially higher fees for good licensing.  Who is paying that?  This is often shunted onto the IT departments in an unbudgeted fashion.   Upstairs gives themselves an award for saving money when really they just shifted it off of their budget to someone else.

Another concern that should be looked at is the enterprise e-mail fees on some carriers.  Purportedly Sprint has a $20.00 monthly fee for personal accounts to use corporate email services like Good.  I guess it’s OK as all the cool people are using a AT&T.  What about overage costs?  Is there any liability if the personal iPhone suddenly has a large data bill due to roaming on that trip to Canada?  This needs to be put into that the user agreements for personal devices.

What about the precedent?  It seems that were just a hop skip and a jump away from personal computers on the corporate network.  It’s difficult enough securing corporate devices that are supposed to be somewhat homogenous.

Tags: ,
Category: General  |  Comment

They know where you’ve been sleeping

April 20, 2011, 5:04 pm

They know where you’ve been awake.

So, the iPhone stores your location information even when you aren’t using location enable applications.   This is the claim of iPhone Tracker, an application for mapping your whereabouts using this stored information.   The location files are part of the iPhone backup, so I guess if your significant other has tech skills they could be checking up on you after the fact. 

I’m sure that has no relation to a story earlier this week from The Newspaper.  The Newspaper reports (unsourced of course) that the ACLU is looking for information on Michigan police extracting information without a warrant from mobile phones during traffic stops.

Tags:
Category: General  |  2 Comments

iPhone 4.3.2

April 14, 2011, 6:44 pm

The latest iOS software update is out containing multiple security fixes.

  • Certificate Trust Policy
  • libxslt
  • Quicklook
  • WebKit

Exploitation of the most severe of these vulnerabilities may lead to remote code execution.

Isn’t this the 3rd update in the past five or six weeks?  

Does your corporation account for iPhone patching?

Tags: , ,
Category: Apple  |  2 Comments

Good App for iPhone Update

August 15, 2010, 1:55 am

Good released a minor update to their app for the iPhone.   Release notes are on their site.

Companies that don’t want to use ActiveSync but still feel pressured into making the iPhone an option are looking to Good to do so.  

From the release notes:
• Complete landscape view – Including email list view, calendar, contacts and attachments.
• Conference dialer – quickly and easily dial into a conference bridge without having to memorize the conference pass code.
• Maps integration – quickly find the location of your meeting on a map and even get driving directions.

A change not mentioned is that when I receive a signed message instead of no indication the message is signed, I now get a message:

The sender has digitally signed the message with a personal certificate.  To verify the signature you can read this message on your desktop computer.

I can still read the message on the device, as I could before the update.   Without signature verification, I feel like this update only provides a false sense of message source identity verification.  

Its my understanding that full S/MIME support is on the roadmap.

Tags: , ,
Category: Apple  |  Comment

Jailbreaking – Unsafe at any speed

August 6, 2010, 8:25 am

Look at me, making Ralph Nader references whether they work or not.

Back in July, the US Copyright office ruled it is legal to jailbreak your iPhone in order to install non-appstore apps or even to unlock the phone to use with another carrier.

What does this mean for iPhones used the enterprise?

Just because something is permissible under the law, that does not mean that a corporation must allow it.    Apple may still make it a violation of their terms of service and void the warranty. 

Jailbreaking  offers a greater potential for malware to be run on the phone.  Do you remember the iPhone jailbreak worm?   A popular jailbreaking technique was setting up SSH and leaving a default password.   Doh!

Dave Zatz had a recent post asking if there was even a case for jailbreaking anymore.

So while my company is full of engineers who like to tinker.   While the phone has corporate data, we need to enforce a no jailbreaking policy.

Tags: , ,
Category: Apple, Policy  |  1 Comment

Good[tm] for iPhone

August 5, 2010, 7:23 pm

As I mentioned back in July we started an evaluation of Good on the iPhone.   We used Good in the bad old days of RIM’s patent fight.  Some executives stated they wanted a quick out plan in case RIM was forced to shut down.   I don’t think that was ever likely to happen.   It did allow us to bring in what was then the current top (gadget) fashion accessory.  A Palm Treo.   I think we had both the original palm operating system and a Windows Mobile version.   I really hated it.   It locked up often requiring a device reboot (pull the battery). 

As I understand it we were able to bring our Good license back up to date without much trouble.  So the remaining question is will the current gadget accessory, the iPhone, work well with Good.    Part of security is usability so this post will largely focus on Good’s usability.

Installation
For those not familiar, Good is installed as an application from the App store.   Once that is installed, it can be provisioned over the air just like the Blackberry.   No issue there.  

Policies
I’m sure you can find other places that do a blow-by-blow comparison of the policies available on a Blackberry versus Good.  I think it has the policies needed.  One issue we had for a bit was every time we exited Good even for a second, we’d have to reauthenticate when we returned to it.   It turned out we had the security policy a bit too tight.  The Good environment can be set to timeout after x minutes whether you have the app open or not.  

Email
Good does not do S/MIME.   This really sucks.   This is on their roadmap for this year.   First being able to verify signatures and then later being able to encrypt/decrypt messages as well.   So they’ll be catching up with Blackberry.    I haven’t heard if Apple has any plans to support this natively on the phone.  I didn’t ask if PGP support was in the offering.  

There seems to be issues with HTML only emails.   I’ve had that issue with a couple of message where nothing displays.   To be fair we had an issue like that with the Blackberry.   If I recall correctly they hated Cyrillic characters.

Attachments
I have not checked what attachments are supposed to be readable.   I had issues with a few docx files.  Yet when I sent myself a docx test file, it opened correctly.   There is a configuration to keep larger attachments (4 MB by default) from downloading to the device.

If you used Notes or Tasks in Outlook those items are not synced

There are a number of Good settings that aren’t supported on iOS 4 right now.   You are unable to deploy the iPhone configuration file using Good.   It’s a good idea to be able to refresh that configuration rather than just when the phone is new.  In Good’s compliance policy they have a section to force Good to close or wipe itself if it detects the phone is jailbroken.   If I understand a co-worker correctly, he was told by Good that feature doesn’t work on iOS4 either.  I haven’t gotten an answer on how Good tells its jailbroken.   It appears that its checking for installed software (and I’d need to supply the names of the apps to look for).

Calendaring
My only issue with Good and calendaring is the meeting reminders are worthless.  Seems like whether the app is unlocked or not, I get “good meeting reminder” then I have to open Good to see what the meeting was.   One of those security tradeoffs.   But a meeting title isn’t that secret to me.

Apparently delegation is not working.  My Director issued an invitation from Good to a Senior Manager.   The Admin Assistant was unable to accept on his behalf even though she had the correct Exchange rights.   I’m wondering if that is a Good configuration issue rather than something that would require a patch.   

Bottom Line
It’s a bit sad but Blackberry is no longer something they’d have to pry from my cold dead hands.   The Good application is more than acceptable usability and I think security too.   I probably check mail a bit less because it’s in a separate application but that can be a good thing.  The work/life balance can be improved if I’m not looking at work email every 5 minutes.

I’ve now heard question about allowing Good to be installed on personal iPhones.  Check out the Forrester article I linked to yesterday for some tips on policies to use in that event.  To a certain extent the flood gates are opened.   If Good is good enough for a corporate iPhone.  What about personal iPhones.  What about Android. 

I’d love to hear what other people do about a device pin/passcode versus a Good pin/passcode.   Some people feel with a strong passcode policy on the Good application no device passcode is necessary.   I’m not sure I agree with that.

Tags: , ,
Category: Apple  |  Comment

Forrester’s iPhone Article

August 4, 2010, 9:58 pm

Earlier this week Forrester released a paper on iPhone and Enterprise use.   That article was summarizedby Larry Dignan on ZdNet.   As a side note, I started to write on this earlier but wasn’t sure that I could legitimately quote from the article.   I guess it would be ok to quote small passages to critique.   But it’s fairly easy to start using too much.   I don’t need Forrester on my case over their $500 article.   I notice the article was updated 8/4.   I read the original Forrester article.

The thing to remember is these research company articles focus on feature sets.   Can you check the encryption box.    Can you require a pin.   Can you remote wipe.    While that is a good baseline, I’m worried about security not box checking.   Can you bypass the encryption still is first on my list.   So they bury security considerations deep within the article after spending half the article saying the iPhone 3.1 was secure enough.   No.   It wasn’t .   iOS 3.1 failed to fix the Zdziarski Method.   There was also the insecure backups in Zdziarski’s videos.   And then later there was the boot PIN bypass.    Lets not forget that Apple downplayed or denied these issues.   That’s just how they roll.

Andrew Jaquith equates iPhone security with PC security.   Yet denies that the phone needs any of the security software that a PC would have.   He says because people don’t worry about Cold Boot Attacks against Full Disk Encryption, they shouldn’t worry about encryption bypasses on the iPhone.    My FDE product claims to have protection in place against the cold boot attack.   Additionally, the FDE still protects against cold boot attacks when off.   Lastly, laptop computers are necessary.   Replacing the Blackberry with an iPhone is personal preference.   Thus different requirements are possible.  I would suspect a phone is much more likely to be lost, and now it s a candidate to be stolen as well.

The iPhone already found a home in organizations that don’t care about security.   What is supposed to allow us to sleep at night and deploy the iPhone is the new encryption.   Each App can now have a separate data container with its own encryption keys.   Check out Anthony Vance’s blog post .   Only Mail by default is encrypted this way.   Each app developer would have to specifically use it.   I wonder if a year from now we’ll have similar security issues as were found in ios 3.

I feel pretty secure about my corporate email inside a GoodLink on the iPhone.   But what other data will end up on this device?   Fortunately, the iPhone doesn’t seem to like our brand of EAP-GTC.   So it stays off our internal wireless.   We keep them off the ASA by not enabling it for access.  (I’m guessing that request isn’t far behind).

 I feel a bit offended by the tone that anyone stopping to evaluate the security of the iPhone must be a security idiot.   (even though they do go on to say that Corporations under strict regulatory control will need the stronger security of the Blackberry).

Tags: , ,
Category: Apple  |  3 Comments

Unisys and the iPhone

July 9, 2010, 1:12 pm

Have you read this Apple profile on Unisys’ use of the iPhone.

“A wide range of aspects give us confidence that iPhone is a secure device.”

Tip Underwood, Vice President of Sales and Management Support

 I wonder if they still have that confidence after reading about the Zdziarski Method.  or PIN bypass.  The PIN bypass may be fixed in version 4.   Then there is the issue of Apple patching haphazardly, for example the desktop Safari gets patched but the phone lags.  Then there is the issue of patch management on a iPhone.  

It worries me.   That’s why we’ve been fighting iPhone ActiveSync for ever and are looking at Good to see if that might be more secure.

Tags: ,
Category: Apple  |  2 Comments