From: Susan Wilhite (MKT-US)
Sent: Tuesday, August 03, 2010 6:18:35 AM
To: Morton Swimmer (AV-EMEA); Max Goncharov (AV-EMEA)
Cc: Robert McArdle (AV-EMEA); David Sancho (AV-EMEA);
Morton Swimmer (RD-US); Ben April (RD-US); Newsbank
Subject: RE: iphone4 jailbreak from mobilesafari
Auto forwarded by a Rule
And today: http://www.readwriteweb.com/enterprise/2010/08/7-iphone-security-policies-eve.php Also posted in the Trend Community White Hat Lounge. Roger has been contacted to secure this Forrester paper for us.
How to Secure the iPhone and iPad for the Enterprise
Written by Klint Finley / August 2, 2010 2:00 PM /
iOS is becoming increasingly popular in the enterprise. It's sometimes been a bumpy road, but according to Forrester iOS has reached a level of security that should be acceptable to most enterprises. Forrester released today a new report titled Apple's iPhone And iPad: Secure Enough For Business? In addition to covering seven basic security policies every enterprise should implement, Forrester lists several optional security policies and identifies some high-security areas in which iOS based devices shouldn't be used. The basic settings detailed should also be applicable to Android 2.2.
The seven basic policies are:
1. Require email session encryption.
2. Wipe devices if they are lost or stolen.
3. Protect devices with a passcode lock.
4. Autolock devices after periods of inactivity.
5. Autowipe devices after failed unlock attempts.
6. Protect the configuration profile.
7. Continuously refresh policies.
Of particular note is the lack of the ability to control applications on iOS devices. IT managers can either turn off the ability to install apps, or leave it on - there's no means for creating white lists. Forrester sees application control as the next "battleground" for enterprises adopting iOS and Android devices.
Another issue is the lack of a means to separate private and business use. For example, sensitive information could be copied from a business e-mail account into a personal account, and uses could have all their personal data remote-wiped as well. We see this as a major emerging issue in all areas of enterprise software, not just for mobile devices, as social media use in the enterprise accelerates.
Enterprises such as Intel and Wells Fargo have been allowing or even encouraging enterprise use of iPhones and iPads, and we've been seeing more and more reports of enterprise adoption of iOS devices. Apple and Google have improved their respective security features, and we expect to see more improvement in the future as both compete with Research in Motion in the enterprise.
If I remember how the previous jailbreaks work, you need do modify both the phone-side OS as well as the PDA-side OS. This hack seems to initially just involve the PDA side OS as they state that you still need an additional app to unlock it.
Anyway, I would think that the modification to the OS can be detected, if not just because you can access the alternative App Stores.
On 2 Aug 2010, at 11:00 AM, Max Goncharov (AV-EMEA) wrote:
Can we some how evaluate it and check if iPhone backdoored ?
On Aug 2, 2010, at 16:54, "Edgardo Diaz (AV-US)" <email@example.com> wrote:
“Thanks to some serious work by @comex, you can now jailbreak your iPhone, iPod Touch, or iPad right from MobileSafari — no PC or Mac needed!”