security - page 18

Apple will launch the next iPhone (presumably named the iPhone 5) along with iOS 6 tomorrow. The new iPhone is expected to pack a range of updates that will make it a much more significant release than last year’s iPhone 4S. The biggest expectation is that the iPhone will include 4G LTE support and that, unlike the new iPad, it will support LTE bands used outside of North America.

We won’t know all the details of the iPhone 5 until Apple’s unveiling at the Yerba Buena Center. There are, however, three important issues that business users and IT managers will need to in mind during and after following tomorrow’s launch event – all three of which could have a significant impact on bring your own device (BYOD) programs that encourage users to bring their personal mobile devices into the office.

Earlier in this year, Apple shut down the unique device identifier or UDID as a valid way for developers to try to track users of their apps.

You have to wonder if they felt a storm coming, as today, the hacking group AntiSec has released more than 12 million UDIDs that they managed to recover from an infilitrated FBI laptop. And your device ID — along with everything you did with the iPhone, iPod touch or iPad associated with it — might just be one of them.

The success of devices like the iPhone and iPad in healthcare has become so pronounced that the Department of Health And Human Services has begun to single-out the use mobile devices as part of the meaningful use requirements for electronic health records (EHR) systems. In addition to identifying mobile device use, the agency has also taken steps towards explicitly regulating mobile device security needs in the healthcare industry.

Apple has released a new white paper for CIOs, IT leaders, and IT professionals. This one targets FileVault 2, which was introduced in Lion and remains present as a high security feature in Mountain Lion. The 42 page document joins a growing collection of white papers and guides available from Apple that detail the mechanisms and best practices for integrating Macs into Windows-centric enterprise environments.

At VMWorld, this week VMWare showed of Horizon Mobile for iOS – an enterprise solution that separates business apps and content on an iOS device from a user’s personal apps, documents, and data. It’s an iOS version of a tool that VMWare previously demoed, but hasn’t yet shipped, for Android devices. While the name and the goal of Horizon mobile is essentially the same on both platforms, the company is taking a vastly different approach for iPhones and iPads.

Not only is the iOS approach different, it’s also nowhere near as revolutionary – other mobile enterprise companies have using similar approaches for a while and the one truly distinctive feature is one that Apple might not approve for distribution.

One of the first secure business solutions for the iPhone and iPad was Good for Enterprise, a secure collaboration tool that allows companies to separate business email, calendar, and contact systems from Apple’s standard Mail, Calendar, and Contacts apps. Going beyond simply separating work accounts and data from a user’s personal accounts, Good’s alternatives securely encrypt all data and must be unlocked using credentials other than the passcode used to unlock an iOS device.

Good released a significant update to Good for Enterprise this week, one that makes the solution more streamlined, user-friendly, and offers powerful new features – some of which are worth considering for their business functionality as well as their innate security.

It’s been over two years since Apple unveiled iOS 4 with mobile management features designed to make the iPhone and iPad a significantly better corporate citizen. During those years, the landscape of business and enterprise mobility has changed dramatically. RIM has collapsed and will never truly recover, Microsoft has doubled down on the interface it launched late in 2010 with no guarantee of success, and Android has become much more enterprise friendly. Perhaps more important is the fact that idea of mobile management and security has shifted from a focus on devices to a focus on securing data and managing mobile apps.

As all this has happened, Apple’s mobile management framework, which is the system that all mobile management vendors plug into in order to secure and manage iOS devices, has essentially stagnated. With iOS 6 on the horizon, lets look at the areas that Apple needs to address if it wants iOS to remain one of the preferred mobile platforms for business.

Popular cloud storage service Dropbox has introduced two-step verification in order to provide greater security for its users. After the ‘epic’ hacking of Wired’s Mat Honan digital life, online security has become a hot topic once again in the tech community.

Like Google, Dropbox now allows all of its users to login with a password and additional code sent via text. An authenticator app can also be used on the web or mobile devices like the iPhone for the second step.

Like many federal agencies, the Department of Veterans Affairs has embarked on the journey of integrating iPhones and iPads as mobile solutions. The agency currently has 20,000 mobile devices that includes iPhones and iPads along with some BlackBerries and a small number of Android devices. Despite the range of devices, the VA has been very active in trying to eliminate mobile data breaches and, according to the VA’s director of Mobile and Security Assurance Donald Kachman, the agency’s campaign has been extremely successful.

Kachman credits encryption technologies with as a major factor in that success – 99% of all VA data is now secured around the clock on mobile devices and desktop PCs. The security approach is one that can be a model for any organization.

Secure enterprise file sharing and file management vendor Accellion has added Mac support to its file sync system for mobile workers known as kitedrive. As we noted earlier this year in covering the launch of kitedrive for iOS, Accellion describes kitedrive as “Dropbox for the enterprise.” That’s a pretty good description. kitedrive syncs content for offline access to business documents, which are securely encrypted during transmission and while stored on the a mobile device, PC, or Mac.

Reader James G writes,

I use the iPad’s locking feature requiring a 4-digit pin. The problem I was worried about is that the default setting has a button allowing you to see photos without knowing the 4-digit pin.

With the dozens of login names & passwords I’m required to remember, I often take a screenshot whenever I’ve created a new login or changed my password. So some of my “photos” are part of what I want to protect. Until recently I hadn’t realized that by default the pin didn’t block looking at the pictures.

I had looked and not found a way to turn that off, but after writing to you discovered there is a way to do it.

So, as James found out, there is, in fact, a way to keep your photos private when using the passcode security on an iPad, but you have to disable the default slideshow option first.

While bring your own device (BYOD) programs that encourage employees to use their personal iPhones, iPads, and other devices in the office increases productivity and employee satisfaction, the trend is also turning those employees into workaholics. That’s not entirely a new realization – we’ve covered the potential impact of the BYOD trend on the work/life balance before (including a recent study that showed that BYOD programs actually improve that balance for IT professionals).

The latest research on BYOD’s impact on workers shows two additional insights – a significant number of employees are footing the bill (sometimes a very big bill)  for mobile data service while on the road for work.

It appears Apple’s arrogance is getting in the way of protecting its users from a long standing SMS exploit that could allow potential hackers to spoof a reply-to number, causing the recipient to think he/she is replying to a legitimate contact, when in reality, their information is being sent to the hackers designated address. As you can imagine, this is quite troublesome, yet Apple has brushed it away despite numerous pleas made by a well known iOS hacker (pod2g):

VMWare announced the newest version of VMWare Fusion, its Mac virtualization product, this week. In doing so it also launched its first business or enterprise version of the popular tool for running Windows and other operating systems on Mac workstations. Dubbed Fusion Professional, the new solution has a range of features that are likely to appeal to IT professionals in both business and education.

Apple retail stores are now installing special dock connectors to prevent iOS devices from being stolen. They look just like the regular USB cable that ships with every iPhone, iPad, and iPod touch, but they feature a nifty anti-left lock that prevents them from being removed from the device — essentially tethering the unit to the table.

The U.S. federal government may not be where you’d expect to see mobile innovation or find good app development suggestions. While there’s still a public sector bureaucracy in government, a number of government agencies are beginning to develop new ways to connect with citizens and invest in mobile technologies for internal use.

Granted, most agencies are doing so because of requirements under the Obama administration’s 21st Century Digital Government Strategy. One of which is that every federal agency  must make two high-value, customer-facing services available via mobile devices over the next year.  Still, the innovation is happening and the agencies that have already taken up the challenge are good models for agencies that have yet to do so.

They’re also good sources of advice for any organization that is beginning to develop an iOS or mobile app strategy.

When Apple unveiled iMessage, one of the first thoughts for many IT professionals and business users was that Apple had come up with a secure messaging platform that could rival RIM’s BlackBerry Messenger. While iMessage has a lot going for it as a secure messaging platform, there are still some reasons that it may not be an ideal business solution.

The most striking point in a recent report commissioned by Trend Micro was that IT administrators are beginning to rank Apple’s iOS ahead of RIM’s BlackBerry and other mobile platforms, but there were some other significant details in that report.

The report focuses on mobile security and issues related to bring your own device (BYOD) programs. Such programs encourage employees to use their personal iPhones, iPads, Android devices and other mobile technologies to access business resources and perform work related tasks. Many IT professionals believe that BYOD programs introduce security risks – and it looks like they’re right believe that. Decisive Analytics, the company that prepared the report, notes that nearly half the IT professionals that they surveyed in the U.S., U.K., and Germany admitted that their companies had already experienced a mobile-related security breach.

The perception of the BlackBerry as the most secure and manageable mobile platform seems to be faltering. According to a new report, senior IT administrators now consider Apple’s iOS to be the most secure and manageable platform – despite the fact that RIM offers ten times the number of security and device management policies that Apple provides in iOS.

iOS hacker and security researcher Pod2g has uncovered a major SMS security flaw with the iPhone that could lead to text message spoofing. The problem is with the way in which the iPhone handles text messages, and it’s present in the latest version of iOS — including the iOS 6 beta 4 release. However, Pod2g insists he’s pleading with Apple to get it fixed.

Another study of the bring your own device (BYOD) phenomenon concludes that the trend of employees bringing the personal iPhones, iPads, and other devices into the office shows no sign of slowing down. It also confirms previous reports that indicate many personal devices being used in the workplace don’t have even basic security features enabled.

The study by Coalfire, a company the specializes in IT risk management services, paints a particularly grim picture of the lack of security for iOS and Android devices in the workplace. With the BYOD trend show no signs of slowing or ending, Coalfire CEO Rick Dakin, notes that companies cannot afford to keep ignoring mobile security concerns.

One of the challenges of 21st century education is determining the appropriate ways to use technology in the classroom. That’s a challenge that each school or district needs to confront in its own way. One thing that is universal, however, is that the policies and processes put into place around technology need to come from an ongoing dialog between teachers, school administrators, and IT professionals.

While some schools may have restrictive policies, those policies are emblematic of the community to which the schools belongs. They are the policies that the school itself and the parents of its students feel are needed to protect its students. Those policies also teach students what is acceptable behavior and how to protect themselves in the online world.

When I first glimpsed the Highline, I teased, calling it “an almost spectacularly misguided idea.” The Highline is a curly cable which hooks into your iDevice’s 30-pin dock connector and keeps it safe from drops and attempted snatch-and-grabs. Despite my conclusions, the kind folks at Kenu sent one over to the Cult of Mac test labs to check out. And while I’d probably never have a use for one, it turns out that it does its job just fine.

Your iPhone contains a whole lotta information about your personal life. You got your bank apps, email, text messages, phone calls, browsing history, plus all those embarrassing songs you listen to on Spotify you don’t want people to know about.

You don’t expect to get hardcore encryption security on a tiny iPhone, and when the iPhone was first released in 2007 you didn’t. Huge security holes allowed  hackers to easily take over the device, but Apple learned from their mistakes, and now your iPhone is like a freaking Fort Knox for data. Even the NSA is having a hard time breaking iPhone encryption, and it’s frustrating the hell out them.

When Dropbox acknowledged its recent data breach last week, the company noted that it will be adding a range of security solutions in an effort prevent such a breach from occurring again. One of the technologies that Dropbox plans to implement is two factor authentication, which requires another identifying item beyond your username and password to grant you access to your account.

The second item in two factor authentication can be any one of a range of technologies like a smart card that needs to be swiped, a USB flash drive or other mobile that contains security certifications, a one-time user password token like RSA’s SecurID, or a biometric input like a fingerprint scan.

One company has another interesting option, however, your location.