People using their iPhones for business must pay particularly close attention to its security features. The scorecard at this point seems a bit mixed. While the company has released a security update that addresses some issues, experts still are voicing concerns.
Apple released the iPhone OS 3.1, which includes new anti-phishing software, last week. eWEEK and other sites To be fair, it is too early to say if the problem is a tweak away from being solved or is fundamental and more difficult to handle. It's also fair to note that other smartphones also face security challenges. The bottom line is that the more sophisticated the devices and valuable the data they receive, store and transmit, the bigger the security issues will be. That's as true for Research in Motion BlackBerries and Palm Pres as it is for iPhones.
The industry seems to be in the process of vetting the iPhone 3.1 phishing issue. eWEEK says that in some instances the blockage of phishing sites is inconsistent between the mobile and desktop versions of Safari, the browser used on the iPhone. eWEEK credits The Mac Security Blog with the news that some iPhones are acting differently from each other in terms of what sites are blocked.
But that doesn't means that security won't continue to be a key concern. The question of iPhone 3GS and its interaction with Exchange ActiveSync (EAS) is explored in this long and technical feature at Computerworld. Jay Sartori writes that there are three flaws in how the iPhone handles EAS. The first is that policies are not handled as expected by the phone. Secondly, the way in which password prompts are handled can be used by clever hackers-armed with a brute force cracking program-to learn subscriber passwords. Finally, there are flaws in the process of changing a system passcode.
The advice offered is that companies always should use encryption. However, this Apple Insider piece suggests that there may be security challenges in this area as well. Sartori concludes that the iPhone is a terrific device, but that its security features "are not quite ready for the enterprise and contain various bugs."
It's interesting to note that the previous version of the OS-iPhone OS 3.0-had a flaw which was supposed to be addressed in iPhone OS 3.1. The problem, according to MX Logic, is that deleted e-mails could still be recovered by search, though they no longer showed up on the main mail interface. The presence of the e-mails -- which may have been deleted because they contained questionable links -- could lead to accidental openings and subsequent problems.
There is a quite a lot going on with iPhone security, and it's all very technical. Enterprises are advised to consult with the proper internal and external experts before using these devices for sensitive business purposes.