I read an article about iPhone Security on the blog Ride the Lightning, which decried the iPhone and suggested that it not be used because of security flaws. The main problem I have with articles like these is that my clients read them and immediately come after me for suggesting that they use an iPhone. Obviously I am not immune to this, as the firm Strong & Hanni immediately banned the use of iPhones after reading this blog.
In the post, there are some links to YouTube that show how easy it is to hack into an iPhone. Since the post did not suggest what phone was totally secure, I decided to search YouTube to find the un-hackable phone.
No Blackberry (except for the Blackberry, the NSA spent four months making hacker proof for the President.) So there you go, get elected president and you can use your Blackberry.
There are no videos on how to hack a legal pad or typewriter, so these might be the only options for a totally secure firm.
To put matters into perspective, any geek off the street can hack into an XP Machine. So if you have a desktop or laptop running XP, it is more unsecure then an iPhone or Blackberry. Download The Ultimate BootDisk, burn it to a CD and you can easily boot to an XP machine and change all the passwords. I used to have to do this all the time to help clients recover their data. I guess you have to ask yourself, if you lose your iPhone, is the next person that picks it up going to be able to:
“First off you “jailbreak” the phone by placing it into recovery mode and installing a custom RAM disk to the iPhone. Jonathan mentions that the tools are only available to law enforcement (nice thought, but not so); but also acknowledges that it is fairly simple to develop your own. Several products like Red Sn0w and Purple Ra1n are freely available to “jailbreak” the phone. You then install a Secure Shell (SSH) client to port the raw disk image onto your computer.”
If you have password protected your phone, the person that finds your iPhone also has to be able to:
“Jonathan has another demo where he replaces the passcode file with one that contains a blank password, effectively removing the unlock code.”
Now if you are attorney Michael Clayton and U-North has a crack team of ex CIA types bugging your law partners phones and killing them, you probably want to dump what ever mobile device you have and conduct all meetings in a shower with the water going full blast. For the rest of us, here are some steps to make your iPhone more secure:
1. Password lock your iPhone. Settings –> General –> Passcode Lock.
This will make you type in a 4 digit password every time you want to use your iPhone. After 10 failed attempts the phone will erase itself. I know there is a way to hack this, but the average joe six pack that finds your iPhone will probably not know this. One of the basic rules of security is to put in place obstacles that will make hackers look for an easier target. This is one of those obstacles.
2. Purchase an app like Lost n Found. These apps allow you to put some sort of contact information on the wallpaper of your iPhone. If someone finds your lost iPhone, they will see a contact number. If you have followed Step 1 and locked your phone, this is all they will see. I guess it all comes down to your view of people. Do you believe that most people are good and will attempt to return your phone, or are they NSA level hackers that will go through all your client data and sell it to opposing council and send an ethics complaint to the state bar? It is a sick world.
3. Sign up for MobileMe so you can locate your phone via a website or remote wipe it if you lose it. MobileMe will also allow you to send a text message to your lost phone and send out an annoying noise for two minutes so you can find it. Now, if you lose your device, and the next person that finds it happens to carry around the tool that allows you to yank out the iPhone sim card, this will not work.
If you follow these three steps, your iphone is going to be more secure then Windows XP, but not as secure as a typewriter.
I try not to trash technology companies, but enough is enough. Norton Internet Security is a horrible program. If a client of mine has it, I am guaranteed to have issues. Here some of the common ones I have run into:
Blocks the ability to send email and view web pages.
Prevents connections with other networked computers.
Screws the connection between client/server applications.
Slows the computer down.
Slows down client / server applications
And here is the kicker: It has the ability to @$%! your computer when you try to uninstall it.