Over at our Computerworld cousins, blogger Seth Weintraub writes that the recent hacking of the beta 2.0 iPhone firmware is bad news for enterprise adoption. While I won’t dispute that security is obviously a primary concern for many corporations and that the perception of security loopholes is certainly not good for Apple’s hopes of moving into business, it seems to me that Seth’s article just piles on to that flawed perception, instead of looking at the facts.
What is this saying to enterprise IT? When 13-year olds are hacking into the devices that are supposed to hold all of their corporate information, how are users going to feel secure that their data is protected?
First off, that’s not how the hack works. What the iPhone Dev team has done here is create their own custom, hacked version of the firmware and loaded it onto the phone. Unless they’re going to sneak into your house and install the firmware on your phone while you’re sleeping, this isn’t a matter of people hacking into your phone; this is a matter of you deciding to hack your own phone. And, let’s face it, if they’re sneaking into your house, then you have bigger problems you should be worrying about.
Like, potentially, ninja burglars.
Apple, for its part, has been pretty relaxed about securing the iPhone. Tim Cook recently said of the unlocking “It’s a problem that we love to have - because it shows demand overseas.”
Sorry, Seth, this is the equivalent of crossing three lanes of traffic without turning your turn signal on (an all too common occurrence where I’m from, I’ll concede). Cook’s comments were specifically about the unlocking of handsets to use on alternate carriers; they weren’t aimed at those “jailbreaking” the phone to install their own applications (though the 2.0 hack reputedly does both). We’re talking about people who just want to use the iPhone but can’t because it’s not yet available in their country. Cook and CFO Peter Oppenheimer, who reiterated the comments, are right: this is a pretty good problem for Apple to have.
No, it isn’t.
A reputation for easy hacking isn’t going to get you into the enterprise very quickly - if at all.
What to do?
Look, it’s pretty much impossible to lock a device down completely, unless that device allows no information in or out—and what do we call that? We call it a brick. Enjoy making phone calls and surfing the Internet on your chunk of fire-baked clay. Apple’s model of distribution is pretty damn secure: they control all the apps available in the App Store, and unless you hack your phone yourself, unsigned apps won’t run on the phone. This has been the source of plenty of people complaining that the iPhone platform isn’t open enough, but I think this is the first example of someone claiming it’s not closed enough.
Apple, if they want to sell lots of phones (10 million by year’s end) and they want to sell to a security-conscious enterprise, have to lock their platform down - for real. This will leave all of the one million unlocked iPhone users out in the cold and kill unlocked iPhone sales - 25 - 33% of Apple’s business, depending who you ask. This is something I don’t think Apple is prepared to do.
What Apple REALLY should do is open up the iPhone to be available on any carrier (that supports it). All of the unlocked iPhones would still work and Apple could still earn a revenue off of them through the App Store. Additionally, they could open up the development platform more - so that developers aren’t forced to make hacked applications. Then they should really lock down the device - like for real.
“Like for real”? Thanks for that illuminating explanation, Lindsay Lohan. Just a paragraph earlier, you claimed that Apple’s going to have to stop having its cake and eating it too—and then you go on to suggest that fixing the problem is as easy as opening the platform and then, using some sort of mystical and hitherto undiscovered process, “lock it down.” How? How can you give developers more access and then somehow turn around and lock down the platform? It makes no sense and my brain hurts.
This will cost Apple its cut of the carrier revenues - but in the long run will be much better for consumers.
Let’s get one thing straight here: I’m pretty sure a 13 year old could easily hack a Blackberry…if they wanted to. Why is the iPhone so widely hacked? Because it’s sexy and popular. Forget enterprise shares here: on a mindshare scale, the iPhone easily trumps the Blackberry. Easily. And because it’s a device that so many people want, of course it’s going to be the garget of dedicated hacking.
…and, most importantly, won’t make people think Apple makes the products that even a 13 year old can hack.
Again, however, we have to deal with the matter of perception. Those enterprise users who are as uninformed about it as Weintraub may very well equate the iPhone hacking they’ve heard so much about to security problems, but we’re talking about problems from the inside, not the outside. And how come those same users aren’t concerned about the security risks of RIM’s centralized email system, as Steve Jobs pointed out at the SDK event? Maybe it’s because there aren’t any 13 year olds working there.
Yet.
Not to mention, as I am always telling users, once someone has 'physical access' to the hardware all bets are off. I mean even with remote wipe of data you could always block the signal (for someone who intentionally stole it).
Actually Seth Weintraub is making valid points here. Many corporations are hesitant to adopt devices that do not support security paradigms they are aware of and used to. One major issue corporations are going to have with iPhone is the lack of data encryption. The other issue is that the users are able to escape (or jailbreak) the sandboxed environment at will.
Consider this: a corporate iPhone is stolen. The thief will disconnect it from the cellular so remote wipe will not work. Then the thief has all the time he needs to jailbreak and steal the data. This is a threat scenario corporations are not going to take lightly!
If few have the beta 2.0 firmware, won't Apple be able to narrow down who supplied this beta for the hacking?
I agree with you completely.
Couldn't the same be said about hacking a corporate laptop or desktop?
How is the iPhone any different than a Palm OS, Windows Mobile, Blackberry, Symbian, or Linux powered phone? Can't they all be hacked?
It does point out that in the future antivirus software on the desktop will have to look for iPhone specific viruses, trojans, worms, etc. before they can be installed in the iPhone. After all the iPhone is a computer with internet access.
The point of the article is PERCEPTION. Just like the Halo effect. If the iPhone is associated with hacking, then security conscious users will shy away from it.
Reread the article and see if it makes more sense.
@Anonymous, is 100,000 a few?
@Anton, you can't replace the firmware without deleting the data.
Everyone is forgetting that one of the features is the enterprise can force users to protect their phones with a PIN (whether they can keep you from setting it to 12345, I don't know).
What I didn't see in the announcement was any discussion of S/MIME. Will the iPhone support sending/receiving encrypted/signed email? That's the deal breaker.
And Dan, it's target, not garget.
To be honest Apple is becoming a giant of the tech world like Microsoft was for the early 90's and late 90's, they are getting involved in too many places, where it's going to pop up for sure that hackers want to explore this new realm. I know for sure we are going to get bombarded with worms soon enough and viruses, Macs are getting popular; it now has Intel chips, a luxury for hackers, and if you guys have ever been using any torrents out there, by all means there are tons of Mac software already being distributed like Final Cut Studio 2, Aperture 2.0, Logic Studio, etc etc so this is to say that the more people are getting their hands on Mac more pirated software are going to show up and more Macs getting viruses and being hacked.
"Couldn't the same be said about hacking a corporate laptop or desktop?
How is the iPhone any different than a Palm OS, Windows Mobile, Blackberry, Symbian, or Linux powered phone? Can't they all be hacked?"
I am not familiar enough to comment on the other platforms, but there are encryption and anti-virus solutions for Symbian platforms from several vendors. Corporations seem to even use them.
@Seth: I agree that perception is an issue (I acknowledged that in the post), but my concern was that your article merely reiterated flawed reasoning in support of that perception, never offering a counterpoint as to why that perception may itself be inaccurate.
Writing an article that reports that any stories using both the words 'hacking' and 'iPhone' negatively influence the perception of the iPhone is already biased journalism as the article itself just adds to that negative perception.
If you want to write about irrational perceptions caused by media reports, you really should make clear that these are irrational perceptions. Otherwise you are just in the business of amplifying irrational perceptions, not any kind of journalism.
(This is not to deny that irrational perceptions can have a real impact on businesses.)
Are you an idiot? NO ONE HAS HACKED THE IPHONE.
"If the iPhone is associated with hacking, then security conscious users will shy away from it."
Yes, just as all those corporate users have shied away from the Windows OS because it is associated with hacking. Excellent point - how could we have missed it?
For the impaired, hacking != cracking.
http://www.ccil.org/jargon/jargon_23.html#SEC30
I'm not sure I follow you with the "iPhone gets hacked more because it's more popular" (the inverse argument as to why Mac OSX gets hacked less) but please can we stop calling it "hacking" when all these developers are doing is making small modifications. I don't consider plugging my iPhone in, running an app, and pressing a button to be "hacking". I think that the definition of the word is what's causing a little confusion here: those who don't know much about the technical world (the author of the article in question would rank near the front of the line on that) get their panties in a bunch over what they think it means, while the rest of us roll our eyes. It's only going to get tougher to wade through ignorant and sensationalist articles with the keyword "iPhone" in their title. I think I'm going to stop here. In summary: No, hacking is not going to be a problem for enterprise users, and stop throwing gasoline on the embers.
@Anton
Remote wipe works very well since 99% of the time the phone is simply lost, the thief is an idiot or a passerby finds a phone and just starts using it for free phone calls. Most don't care about the data on it.
I don't disagree with your other points but Seth Weintraub just doesn't understand the real risks.
If this is how corporate users think, no wonder Apple's been shy about getting into the enterprise.
Even if this perception exists, it's still irrelevant because there's absolutely nothing Apple can do about it. What you're suggesting, Seth, makes no sense at all.
The very reason the iPhone is getting hacked is because its capability is limited, both by the software installation restrictions and the single carrier choice. Now sure, Apple could make this a multi-carrier device and let you use it on any network (I'd love for them to do that), but that won't do anything to stop the guys jailbreaking their phones to run unauthorised software. Especially not if, as suggested, Apple locks it down even more, like for real.
And even if Apple were to make the iPhone a completely open platform, there would still be guys hacking the underlying firmware to discover its secrets and customise it. That's what hackers do. Short of completely disabling the iPhone's functionality, or not selling the devices at all, there's not a thing Apple can do to prevent it.
The iPhone is just fine for enterprise work, and is no less secure than Blackberries or other smartphones. In time, I expect this fact will shine through despite the FUD.
Right on Dan... Seth's article does little except to reiterate and reinforce the false perceptions he speaks of. Bad Journalism.
"Consider this: a corporate Blackberry/Windows Mobile/Symbian is stolen. The thief will disconnect it from the cellular so remote wipe will not work."
Yeah, iPhones won't make it in Enterprise :p
Corporations don't do a thing, people who work in those corporations do. Saying that corporation X and Y want to use paradigms that are known to them is akin to saying that the CEOs and the rest of the upper management haven't gotten a clue about computers or security. I've seen VPs of interactive ad agencies who don't even know the first thing about HTML or Flash; let's not even mention data security. As a matter of fact, most people who work with computers and sensitive confidential data don't know the first thing about security. Apple has an excellent track record at doing just that, keeping stuff secret, and I am confident the steps they are making to keep the iPhone safe are the right ones.
It seems like Computerworld should, perhaps, consider hiring a few thirteen year old kids themselves in order to improve the quality of their offerings.
Thanks for exposing this piece of blatantly incorrect garbage.
Remote wiping is easily defeated with either a sheet of aluminum foil or a metal lunch box.
Having either wrapped the phone or placed it in the lunch box and thus temporarily disabling remote wipe, the phone thief can, once again, extract the data at his or her convenience.
reinharden
@Dave-O:
Are you implying that 100,000 people have the iPhone 2.0 beta firmware? You're referring to the people who downloaded the SDK, right?
Sadly, the SDK does *not* come with the beta firmware. There's no way to request the beta firmware from Apple. For the time being, we have to wait till Apple decides to expand the beta to the unwashed masses.
@Anton: "I am not familiar enough to comment on the other platforms, but there are encryption and anti-virus solutions for Symbian platforms from several vendors."
Not sure how that's a plus for Symbian.
Anti-virus solutions exist for that platform because viruses exist on that platform.
I guess it's possible that one could market an anti-virus package for iPhone -- maybe it would even help Apple with enterprise adoption.
It's funny, though; you'd think just marketing a platform that's so resistant to viruses that none have actually been shown to exist would have done the trick.
Textbook FUD.
Almost daily we get new horror-messages on how soon real viruses / worms / security holes for the Macintosh or the iPhone will pop up. I've read dozens of blog entries warning about supposed security issues with the iPhone. However, to this day, I haven't heard of a single vulnerability in any Apple product ever that has actually been exploited.
Even the best hackers / crackers / script kiddies can't actually break into an iPhone based on assumed and possibly likely vulnerabilities... There would actually have to be one!
The Anonymous that posted at 4:20 AM, on 14 March, has it right. How many years now have we been hearing about the impending doom of Apple, OS X, and the Mac due to the viruses running wild through the unprotected population? Has this come to pass? No. But that still doesn't keep journalists from posting FUD instead of facts.
Here is a question for any real journalists out there. How much money would corporate America have saved in fees paid to anti-virus software companies, if they had been using Macs instead of Windows? How much money would have been saved by using Macs and avoiding the costs associated with recovering Windows boxes that have been compromised in spite of the installed and up-to-date anti-virus software?
Want a story idea with some real meaning? How about a story involving real research regarding why none of the forecasted doom scenarios have come to pass on the Mac/OS X to date?
Funny how the "security-conscious" enterprise is wary of the iPhone and yet keeps using Windows... Anyone else find this hilarious?
Err... I think you're quite amusingly confusing the word 'hacking'. Apple releasing an SDK, for example, gives developers a chance to 'hack' the iPhone - a good thing. If you're talking about security concerns, that's something completely different.
Well done on the FUD-spreading, though.