Poor iPhone security a barrier against business use?
By Michael W. Jones
Security may be the largest barrier keeping the iPhone from success in the business world. Is the success of the iPhone as a personal device the reason for its security shortcomings?
The recent introduction of the new OS 3.0 operating system for the iPhone, and the myriad new features that it brings to the table, has a lot of users talking about the better business applications that could be written for the iPhone and Touch. Yet some of these features weigh against the chances that the iPhone could overtake Blackberry/RIM in the business world.
One example is enough to make the point. According to Apple at the introduction of OS 3.0, the new API released to developers allows them to tap into the core of iPhone Bluetooth capabilities. This was touted as a way for users to casually look at each other’s music lists, and even to play selections from another user’s phone. RIM security experts recoil from any such usage in horror, carefully vetting any Bluetooth device that wants to connect to a Blackberry, according to an eWeek story. They say that it is security suicide to open up the data on your portable business platform to a room, or a street corner, full of people. They are probably right, if that is indeed what Apple does.
Ben Halpert is a security researcher, security lecturer, and a Certified Information Systems Security Professional ( CISSP). Halpert says, “If you talk to enough iPhone owners – who are potential enterprise users – you’ll find that the iPhone user base has built up an unrealistic expectation that Apple will come to their rescue and enable the iPhone for enterprise use on a grand scale.”
Halpert does not see this as being the case. His opinion is, “Apple seems to be throwing a few breadcrumbs for the enterprise market, to keep them interested, but not enough to enable a full-scale deployment.” That is to say, Apple is making it sound like their API is a tool for enterprise development, but is not delivering the goods.
Pointedly, Halpert says, “I’m interested to see what the first app is that contains a malicious component to exploit this new feature.” Halpert says that in areas like this one, he is a realist. He continues, “If you make a criminal’s job easier, they will thank you and build exploits that will fly under the radar. Individuals with malicious intent can be just as creative as the honest App Store developers.”
Will the iPhone work for the enterprise? Halpert is not hopeful: “The CIO decision should be based on the benefit [the iPhone can offer] the business. Do the benefits outweigh the costs to the enterprise? This includes the risk management component.”
It remains to be seen what uses will be made of such features as Bluetooth peer-to-peer on the iPhone, and what security limitations will be imposed by Apple on the use of such features. It could easily go either way, or Apple may have a way to sequester business data from entertainment data. It would be a shame to see Apple lose the business marketplace to secure the entertainment marketplace. One can be sure that Apple knows this as well.
Related:
Entry was posted
on Friday, March 20th, 2009 at 3:38 pm
under 
Print This Post
Read more entries by Michael W. Jones.
Stumble It!
