« Off-the-Shelf Spyware | Main | A Needed Correction on MobileMe Security »
August 14, 2008
iPhone Thursday: Speed, Sheep, Inscrutability
Hey, good news, iPhone users! Gartner says iPhone is acceptable for the enterprise!:
“Just barely, that is, as there’s still room for improvement on everything from application support to security to calendar access. Yet Apple’s latest handset is now viewed as a legitimate enterprise mobile device, according to a new Gartner report.
“‘It’s acceptable for enterprise use if the security it provides is the same as other handsets in play,’ Ken Dulaney, an analyst at Gartner (NYSE: IT), told InternetNews.com. ‘You’re only as secure as the lowest denominator,’ the analyst added.
“The iPhone features a complex password system for Microsoft Exchange users and a ‘wipe’ feature that clears the phone’s contents when a password is violated. Neither security aspect was provided on the initial firmware, according to Gartner.
“The research assessment comes as iPhone users are increasingly pushing the device through back doors to use as a workplace smartphone, since IT teams have been reluctant to formally adopt the popular handset due to what has been viewed as weak security mechanisms.”
The iPhone’s reception at DefCon has been equally enthusiastic. (Though I’m pained to point out that the “issues” reported in that link stem less from the iPhone being a rattling deathtrap of ‘sploitability and more from the essential dimness of mobile phone users of any denomination who wander into DefCon of all places, then blithely join any Wi-Fi network that presents itself.)
“While attendees are fairly careful about using their laptops on the wireless network, mobile phone users often blindly log into the network and surf away. Many of these iPhone and Windows Mobile phone users were caught and displayed on the wall. Some of the more popular phone logins captured were Twitter, ICQ and even Yahoo mail.
“Wall of Sheep member Beau Haugh said developers are constrained by small keyboards which forces them to focus on usability rather than security. ‘Special characters [in passwords] are best practices for security gurus,’ Haugh told us adding that they are ‘a big pain the butt’ to type on a phone keyboard. He added that mobile applications are usually more concerned about pulling data from sources rather than secure authentication.
“The team also discovered that many iPhone users were getting ‘owned’ as soon as they walked onto the convention floor because most users unknowingly have their phones set to automatically connect to available wireless networks. Of course this is a horrible feature to leave enabled at Defcon because the wireless network is considered to be the most hostile in the world. By the second day of the convention, the Wall of Sheep screen displayed a helpful reminder to iPhone users – ‘You don’t want your phone auto-connecting to *anything*’”
That iPhone Good News Item takes on a special poignancy when we consider iPhone Good News Item No. 3: “iPhone 3G network problems may get firmware fix”.
The speculative fix is for problems the iPhone appears to have getting and holding a connection with 3G networks, at least in the US. Maybe if those problems didn’t exist, more people at DefCon would be using their blazing fast 3G connections instead of suspending all reason and deciding “DefCon” spoken in the same breath with “Wi-Fi” sounds more safe than “stranger in a van” and “candy.”
Colleague Andy Patrizio at internetnews.com documented some of those issues on Tuesday. I haven’t noticed 3G connectivity problems because my iPhone suffers from the other 3G-related problem, which is that its GPS location services stop working unless I connect through EDGE. If I didn’t work inside my own little Wi-Fi cloud all day long, I’d be miffed. As it is, I’ve got a Mr. Spock-like sense of detachment regarding the possibility that some day I’ll be able to watch YouTube at lightning speed and know exactly where I am at the same time. Until then, like Galadriel, my iPhone has diminished and faded into the EDGE, where it will await a patch.
I don’t know if Andy’s a new Apple buyer or not, but for those reading who are, some sage counsel from Ars Technica:
“Supposedly, the ‘problem is affecting 2% to 3% of iPhone traffic,’ which doesn’t seem so bad, as long as no one else buys an iPhone. The real problem for Apple will be if the firmware upgrade doesn’t work. As it stands, we are currently at the second step in a process of customer service that will be familiar to longtime Mac users.
“There is a problem with an Apple product.
“Apple won’t admit to it.
“Someone threatens legal action.
“Apple does a recall.“Welcome to the club, iPhone users.”
Posted by mhall at 8:03 PM | Add Comment
Leave a comment