Skip to content

Trend Micro
Posts: 531
Registered: ‎08-11-2009

How to Secure the iPhone and iPad for the Enterprise

How to Secure the iPhone and iPad for the Enterprise

Written by Klint Finley / August 2, 2010 2:00 PM / 0 Comments

iOS is becoming increasingly popular in the enterprise. It's sometimes been a bumpy road, but according to Forrester iOS has reached a level of security that should be acceptable to most enterprises.


Forrester released today a new report titled Apple's iPhone And iPad: Secure Enough For Business? In addition to covering seven basic security policies every enterprise should implement, Forrester lists several optional security policies and identifies some high-security areas in which iOS based devices shouldn't be used. The basic settings detailed should also be applicable to Android 2.2.

The seven basic policies are:

1. Require email session encryption.

2. Wipe devices if they are lost or stolen.

3. Protect devices with a passcode lock.

4. Autolock devices after periods of inactivity.

5. Autowipe devices after failed unlock attempts.

6. Protect the configuration profile.

7. Continuously refresh policies.


Of particular note is the lack of the ability to control applications on iOS devices. IT managers can either turn off the ability to install apps, or leave it on - there's no means for creating white lists. Forrester sees application control as the next "battleground" for enterprises adopting iOS and Android devices.


Another issue is the lack of a means to separate private and business use. For example, sensitive information could be copied from a business e-mail account into a personal account, and uses could have all their personal data remote-wiped as well. We see this as a major emerging issue in all areas of enterprise software, not just for mobile devices, as social media use in the enterprise accelerates.


The report also notes that third-party mobile security and device management software from vendors such as Afaria, Trust Digital, MobileIron and Good can provide additional security features.


Enterprises such as Intel and Wells Fargo have been allowing or even encouraging enterprise use of iPhones and iPads, and we've been seeing more and more reports of enterprise adoption of iOS devices. Apple and Google have improved their respective security features, and we expect to see more improvement in the future as both compete with Research in Motion in the enterprise.

Please use plain text.
Trend Micro
Posts: 531
Registered: ‎08-11-2009

Re: How to Secure the iPhone and iPad for the Enterprise

More news about Apple, this time on jailbreaking:


Apple Security Breach Gives Complete Access to Your iPhone


Right now, if you visit a web page and load a simple PDF file, you may give total control of your iPhone, iPod touch, or iPad to a hacker. The security bug affects all iOS 4 devices and the iPad.


The vulnerability is easily exploitable. In fact, the latest one-click, no-computer-required Jailbreak solution for iOS 4 devices uses this same method to break Apple's own security (although in a completely benign way for the user).


How it works

It just requires the user to visit a web address using Safari. The web site can automatically load a simple PDF document, which contains a font that hides a special program. When your iOS device tries to display the PDF file, that font causes something called stack overflow, a technical condition that allows the secret ninja code inside the font to gain complete control of your device.


The result is that, without any user intervention whatsoever, that program can do whatever it wants inside your iPhone, iPod touch or iPad. Anything you can imagine: Delete files, transmit files, install programs running on the background that can monitor your actions... anything can be done.


This is not the first time that something similar has happened. At the beginning of the iPhone's life there was a problem with TIFF files that also caused the same security breach. Apple patched the bug after a while, but back then there were very few iPhones compared to the current installed base. Apple says that there are 100 million iPhones, iPod touches, and iPads in the world. Obviously, malicious hackers are racing to get a slice of that market.


How can you avoid it?

Right now, the easiest way to avoid this problem is by not going to any PDF links directly and not loading any PDF from any non-trusted source.You can also jailbreak your iPhone and install a program that will ask for authorization every time your browser encounters a PDF (just look for "PDF loading warner" in Cydia).

Please use plain text.