Apple's iPhone 3GS offers hardware-based encryption, but some say it's easily bypassed. Do you trust the iPhone with your company's secrets?
In the above video, Gregg Fiddes and David Halpin of Quickoffice demonstrate the company's new mobile productivity application for Apple's iPhone. Attendees at Macworld 2010, got to see how Quickoffice Connect let's users read and edit Microsoft Word and Excel documents and access cloud services like Dropbox, Google Docs, and Box.net.
For those who use these cloud services and need to access/edit documents from their iPhone, Quickoffice Connect looks like an interesting product. But watching the video, I was surprised by several of the files Halpin used during the demonstration.
Around 2:12 minutes into the video, he showed how you could open and edit locally stored files using Quickoffice Connect. I wasn't surprised that application could work with these files. (In fact, it appeared to work pretty well.) I was however, taken aback by several of the filenames (balanceSheet.xls, Forecast.xlsx, Product Roadmap.pptx, and so forth).
These documents were obviously samples developed for the demonstration. But, I couldn't help but wonder to myself if companies are allowing their users to store sensitive documents on their phones? And if not, are users doing it anyway, unbeknownst to IT or in spite of IT?
Apple attempted to make the iPhone more enterprise-friendly by implementing hardware-based encryption on the iPhone 3GS. Some however, question the effectiveness of Apple's efforts securing its mobile devices. Check out the following articles for more information:
- Hacker Says iPhone 3GS Encryption Is ‘Useless' for Businesses (Wired)
- New iPhone hardware encryption not even close to hack proof (Ars Technica)
- Why the BlackBerry still trumps the iPhone in the enterprise (TechRepublic)
- Apple Betrays the IPhone's Business Hopes (PCWorld)
- Expert: iPhone 3GS crypto is easily crackable (CNET News)
- Expert sees security issues with the iPad (CNET News)
Browsing through the reader feedback on the above pieces, I found plenty of individuals who believe that an attacker is no more likely to get sensitive information from an encrypted iPhone 3GS than they would be an encrypted laptop. I'm curious to know what our audience thinks.