The #iPhone: Sleeping with the enemy

A while ago I discovered that, despite its fantastic looks, the iPhone is actually a very insecure device, and just the idea that it might be broken, lost or stolen one day is driving me crazy already. Time to act!

I decided to remove my company data, followed by my Gmail and today I’m only using my iPhone for Twitter and a digital shopping list. For me, personally, the features of my BlackBerry BES are the minimum standard of security and apparently it’s lonely at the top…

Even the use of Twitter is dangerous (if Twitter is online), because my favorite Twitter application SimplyTweet doesn’t use secure SSL to send my data to Twitter. Consider this: The whole security community shouts “SSL is insecure, use EV SSL instead”, while there are still companies, services and applications that aren’t even using “plain” SSL… Even our Dutch Government and our National Banks barely see the need for SSL, and given the demonstrated and obvious security flaws of SSL they don’t see the need to implement EV SSL, so why would you worry about it?

Tweetie, my previous favorite Twitter application has been using SSL for years. I just think that Tweetie was far ahead of its time and that’s probably why we haven’t seen an update of Tweetie ever since.

I think it’s incredible to see that many people don’t seem to care or think about possible loss or theft of their cell phone, what may happen to their data and the possible impact this may have on their position. And if nobody cares about it, why would the manufacturers of the devices? Except, of course, Canadian company Research in Motion…

Imagine the following scenario: You’re an accountant and you’re using email on a daily basis. You have a cell phone. Let’s say: a Nokia. You’ve had it for a while and it accommodates quite a lot of phone numbers. You’ve had your phone linked to your corporate Exchange server, which took some effort (certificate, software update for your device, sometimes it’s not working and WiFi has never really worked properly), but it allows you to read and reply to an occasional email.

Now, imagine your phone being broken, lost or stolen.

Phone broken
Which information did you have on your phone? Did you poke around with that data cable or Bluetooth every day to copy your valuable contacts and appointments to your computer? Did that Sunday afternoon of deleting double appointments invite you to try again later? No, of course, because it’s too much pain and too much software is involved. This means: what you don’t have elsewhere, you don’t have and that’s a shame.

Phone missing
If your phone is missing and you don’t know where it is, there may be a chance it’s at home, between two pillows on your couch, but it may also have been stolen. The problem is that you don’t know and you have to assume you’re not going to find it again. First of all: block your SIM card, so the possible thief can’t call at your expense. ALWAYS secure your SIM card with a PIN code (and pick something a bit more difficult than 0000 or 1234), preventing the thief from calling between the moment your phone went missing and the moment you’ve had your SIM card blocked. And then your data. It’s not only gone, but somebody else is sitting on it. Somebody who only has to press hash-menu to gain access to your contacts, phone numbers, appointments, emails, text messages, notes and whatever I may have forgotten.

And this: What if your phone isn’t stolen, but you have a grateful colleague, competitor, “friend” or somebody who checks your phone from time to time to see if there’s any interesting news? I don’t know anybody with National Secrets on their phones, but your stuff is your stuff and everybody should stay away from it. Well, you can’t take care of that with your Nokia.

And what goes for Nokia goes for the iPhone in a similar way. Linking your iPhone to your company server is easier than with Nokia, but the remaining data you hadn’t copied using the data cable goes missing if your phone does, nevertheless. And then security. Can you imagine Apple making an iPhone 3GS, allowing your data to be encrypted with a key that is stored on your phone itself?!? You don’t have to be a genius to understand that this level of “protection” is just a thing from the Marketing Division, who wanted to put on the box that the iPhone 3GS supports Encryption…