According to Wired, an independent hacker has called the new iPhone 3GS’s encryption “so weak it can be cracked in two minutes with a few pieces of readily available freeware”. You would think that before Apple made statements regarding the security of its software, it would have actually tested the claims. Of course, this isn’t only Apple’s fault. According to the same post, almost 20% of Fortune 500 companies have ordered in excess of 10,000 iPhones apiece, with a few (including some government agencies) having ordered over 25,000. This is ridiculous. Where are the IT security guys whose sole job it is to vet technology? If the CEO wants an iPhone and you’ve done the testing required, make sure to convey the security risks surrounding the decision being made.
Security testing is a major portion of the software development cycle for web applications. Mobile applications should be held to the same standards. Judging by this post by MacWorld regarding the remote wipe feature on the iPhone, the feature is filled with points of failure. One is the ability to stop the wipe process by hard resetting the phone in the middle of it. And of course, if the phone doesn’t have a lock screen, it’s easy enough to go in and disable the remote wipe accessibility. One other caveat is the requirement to have a MobileMe account, which costs $99/year after the 60 day free trial, so you probably won’t have the account.