After nearly a year after the first (US) introduction of the iPhone, Mobistar the Belgian daughter of France Telecom, will sell the iPhone in Belgium. See their press release? Is this really hot news or not? Well, a recent survey shows us that there were already 15.000 iPhones in use in Belgium. Some unconfirmed reports even talk about 40.000.
These are of course imported jailbroken phones. The big difference is that these unlocked phones lose all their warranty and Apple warns us that jailbreaking them will damage the phone. Although I seriously doubt that last part.
The real launch date is still somewhat unclear. Only "somewhere later this year" was mentioned. But next month, the 3G model is rumored to be released. The big question is, which will be the one launched in Belgium? Releasing an older model in Belgium, combined with the dollar exchange rate will only drive the grey import further.
The truth is, that all these 'hacked' iPhones are inherently less secure. With all those unofficial applications that can be installed, there is a higher risk that insecure software is installed. Especially those software versions that do not support secure protocols to communicate to the internet (gmail, twitter, browsing,....). Features against functionality I guess.
There are some other remarks on the security of the iPhone (or other smartphones for that matter) that can be made.
The first one are the wifi networks that it can remember. Your iPhone will connect to other access points with the same SSID unless yours was an encrypted one. Hopefully, you're not using an unencrypted wireless network at home.
But for using the names of 'open' hotspots, that's another matter. Your iPhone will automatically connect if the name matches a previously connected network (SSID). This can allow for a Man in the Middle Attack (also see Evil Twin). You can mitigate this by using the VPN function of your iPhone. (I feel a tutorial coming up)
A second topic we haven't discussed yet is secure deletion. If you want to delete any private information, a firmware restore or 'erase all content' is not enough. You can use the following steps to delete your information.
- Got to Settings, General, Reset and Erase all Content and Settings
- Make a SSH connection to your iPhone and make a folder in '/' (root) and '/var' and upload as many files till the memory is full.
- Restore the iPhone through iTunes.
The previous version carried an ARM processor. The bad news of this move is, that exploits for the i386 processor now will also work directly for the iPhone.
So that's all the iPhone news and tips for now. So how long will it take before our C-level managers are demanding us to synch their information with their PC? Just keep an eye on the release of the 2.0 version with it's enterprise (security) features.
Previous articles:
- Spoofing the iPhone's Wi-Fi Positioning System
- Webcast: iPhone Forensics Demonstration
- How to watch security conferences on your ipod
- Invasion of the (belgian) iPhone users
- Gathering information about mobile security
- Will mobile devices take over the world?
- iPhone security 101
- Get a VPN client on your Iphone or Ipod Touch
Security4all Blog
Twitter
Slideshare
Facebook
Digg
Flickr
0 comments:
Post a Comment