So, I was talking with an IT Guy who just finished up a project where he was looking to see if the iPhone was a viable alternative to using the BlackBerry at his company. Like many companies, he said that there are a ton of non-BlackBerry using folks that want to be able to get their email via the iPhone.
IT Guy said that he picked up on iPhone 3G the Sunday after they launched and knew before the following Monday morning that he wouldn’t be able to do anything more than allow web access to email as far are corporate applications go. IT guy said that he wouldn’t even be able to set up the email push which is now native to the iPhone.
IT Guy’s biggest concern… Security. His exact words were, “Apple knows everyone would be hacking these things and it seems like they didn’t even try when it comes to security”.
IT Guy said that he bought his iPhone 3G on Sunday morning and had the thing “jail broken” by Sunday night. Jail Breaking is the basically hacking your iPhone to allow it to do things that it wasn’t intended to do.
IT Guy asked me if I had ever heard of a jail broken BlackBerry. I said “no”, then he said “That’s why Apple won’t be moving in on their turf in the enterprise anytime soon.
Believe it or not, IT Guy said that he is going to hang on to his liberated iPhone 3G because it is cool to hack around with. He won’t be letting it anywhere near his corporate network though.
Leave it to the geniuses in IT…. Because the iPhone can be hacked is a reason not to let it on your corporate network? That’s like saying because there are thousands of Windows viruses, you won’t let a Windows machine on your network. The corporate network will only allow what the network’s security measures will allow. Hacking an iPhone won’t let you past the network’s security measures.
I agree, the iPhone lacks some enterprise needs (remote wipe, “forced” security policies, etc.)…. The iPhone OS is basically the Mac OS, so if he is not letting the iPhone on his corporate network, he must not, but the same logic, allow Macs on his corporate network.
Geesh, Jail Broken, schmoken. It’s just a term for reflashing the unit. Happens to phones (in particular Nokia) every day, it’s a feature not a security risk!
Blackberrys’ are susceptible to a few attacks already BlackJack and the more recent PDF ‘sploit to name a few. If don’t use content encryption (which is disabled by default) your device data is susceptible to frozen RAM attack (a proof of concept USB stick already exists to attack PCs).
If your policy doesn’t prevent users from loading applications via desktop manager or OTA then you’ve practically left the door open for the bad guys.
The device is only as secure as the sysadmin makes it.
At the end of the day, once the unit is in the hands of the bad guy (assuming remote wipe failed issued and content encryption wasn’t enabled) the device is already compromised.
I love how everyone goes around saying the BB can’t be hacked and all. You watch, as this device gets more popular, there will be hacking. Nothing is bullet proof.
@Chris B – You’re right about the IT guys. Most are Wintards who follow the M$ party line. The same thing must be true with BBs.
Just for the record, I am not saying that BlackBerrys cannot be hacked. It is just extremely rare and significantly difficult to do.
IT Guy’s biggest concern with the iPhone wasn’t that people were going to maliciously hack their network, but, with the ease at which iPhones can be flashed to do other things and the lack of central control from preventing it.
@Chris… How many companies do you know that just allow you to add your own personal PC or laptop to their corporate domains? Not saying that it doesn’t happen. I am saying that said company would never pass even the most light weight of security audits.
There is no doubt that thousands of viruses target Windows PCs, however, those PCs generally belong to a domain and are completely owned and managed by IT who, undoubtedly, take measures to try to prevent them.
This simply isn’t the case with iPhones.
Of course you would get that attitude from IT guys. If they had there way no one would have PCs – we would still be using dumb terminals connected to mainframes where they could completely control the whole environment as if it was 1975.
…me thinks you hit a nerve, here, robb.
my, my. it seems like someone(s) got up on the wrong side of the iphone this morning…
The IT is a hack
How does a jailbroken iPhone pose a security risk?
Hmm, it doesn’t. Even jailbroken and hacked beyond belief, it still can’t bypass an email login or brute force attack the login.
I think jail breaking and hacking are two different things. The only reason the iphone is so popular for jail breaking is because it’s limited to one service provider in the states.
You can get a Blackberry on any service provider so there isn’t a demand for a jail broken Blackberry. That, and quite frankly, it’s just not as ‘sexy” or sought after device.
Nobody I know has waited in line for one, nor am I aware of them being sold out for weeks and thousands of people blogging about them or trying to find when the next shipment will arrive.
Maybe you could look at it like the classic Windows vs Mac debate with virus but reversed. More viruses for Windows since it’s more popular. People jail break iphones because they are a more popular device.
Right, there’s no NEED to jailbreak a blackberry. It’s already jailbroken, rather it’s open. Jailbreaking is just opening the platform.
I am just glad so many iPhone folks read my little BlackBerry Blog… 🙂
I do have a question for some of you BlackBerry folks out there though… How many of your BlackBerry Administrators would allow you to continue to connect your device to SAP, Oracle Financials, PeoepleSoft or some other mission critical enterprise application after you’ve installed firmware that they don’t support or even know you may have on your device?
I am guessing about the same number that would just let you join your personal laptop to the corporate domain because you got a “really cool new one”, but, I thought that I would ask the question anyway…
OK, I agree that iPhone is lacking some critical enterprise security things (Perhaps that is your point).
But the crux of the matter is that you still need password, user ids, certificates, etc. to access Oracle, PeopleSoft, Notes, etc. And presumably, like a Blackberry, you would need IT to “authorize” your BB/iPhone (and probably sign some security/confidentiality agreement).
And desktops can be hacked, other software loaded, browser/flash/web/quicktime exploits/vulnerabilities, etc.
For this IT guy to say “Apple knows everyone would be hacking these things…” is just silly.
I think the ultimate point is that hacking the OS so that it can be doing things it is not supposed to be able to do, cannot be supported. If you’re able to put apps onto the phone that IT deems you shouldn’t have on the phone then IT shouldn’t have to support why your SAP app stopped working or why your Exchange Activesync stopped working.
Here’s the rub though, many end users not all, but many who would jailbreak their phone would still expect IT to fix the problem. Its like the guy who installs his own custom exhaust on the car and then expects the mechanic to fix the smog on his car without changing anything back to spec.
Or a guy who installs his own software on to his laptop, that VPN’s in to work. You can do all sorts of stuff with a laptop, yet IT doesn’t restrict that from full VPN access in to work.
Security is really only a concern if an employee loses it, then someone finds it and hacks it. Can they access data they shouldn’t before it gets remote wiped by hacking it? Even so, is that any different than a Blackberry or Windows Mobile?
BB perhaps, but WM it doesn’t seem likely.
Wayne,
Ever heard of “cloud computing?” The push to store files on the internet and to share multi-licensed software over a network is coming back in vogue. My guess is that it’s not a function of the IT guy wanting to “completely control the whole environment as if it were 1975” and more a matter of the cost savings and security (in the sense that storing data off-site means that a disaster on-site doesn’t cripple a business a la 9-11).
Urrrm, Jailbreaking the iPhone took a significant amount of effort from a number of hackers. Now that it has been done, it is easy to do. This is not a function of the hackability of the device, just the force of will to do it. Why in the world would you want to hack a Blackberry? Most of the jailbreakers are looking to circumvent one of two things – Apple’s App Store distribution model or the lock in to one provider for service. Blackberry doesn’t have these issues, so not that many people want to hack into them. As for using the iPhone in the Enterprise, at the moment it is on a par with all the smart devices in the Enterprise using Exchange Activesync in terms of security. One of the big four management consultancies, who I used to work for, issued Windows Mobile devices using Activesync. The security is on a par with the iPhone 3G – if they are willing to do WM, they shouldn’t have a problem with iPhone. Hacking into a WM phone is perfectly straightforward.