Security

The non-profit Center for Internet Security (CIS) has released a free benchmark on iPhone security, currently the only document of its kind. The full benchmark is available on the CIS website and only requires a free registration for download.

The purpose of the benchmark is to educate iPhone users and network administrators on the best ways to protect sensitive data on the device. The document provides over 20 recommendations and instructions regarding iPhone OS settings, Safari and iPhone Configuration Utility settings, strong password creation, and secure data destruction.

In a hint of things to come, more patents submitted by Apple just a few months ago show advances in future security designs for iPhones and notebook computers. The new authentication methods include several biometric technologies that would verify the identity of a user without any additional input from the owner of the device.

Examples would use cameras and software for facial recognition or allow a touch screen to identify a fingerprint. These methods could authenticate a user and protect private information without the current delay required when entering a passcode.

Many iPhone users have used the passcode lock feature to protect personal data. So everyone's information is safe and secure, right? Turns out it can easily be viewed without the password if the phone has been updated to firmware version 2.0.2. Even if the phone is locked, in emergency call mode a double-click of the home button brings up favorite contacts.

This alone might not be a problem, except that from this screen dialing provides access to the full contacts list, voicemail, and dial keypad. From the contacts list, sending a text opens the SMS application and text history. One click on an email address opens the mail application and all of your mailboxes. Similarly, any links in emails or contacts will open Safari, including history and bookmarks.

The New York Times published an article today which paints a fairly scathing picture of security on the iPhone. According to the article, hackers are able to gain total control over your iPhone either via a WiFi connection or by tricking users into visiting a particular web site. Given the information revealed within the article, many users may decide to use their iPhone less freely, out of concern of having the wealth personal information an iPhone may contain exposed or otherwise having their phone exploited.

According to the team of security experts who found the iPhone exploits, a firm named Independent Security Evaluators, once you were able to break through the iPhone's security, the phone and it's contents were an open book. "Once you did manage to find a hole, you were in complete control," said Charles Miller, principle security analyst for the firm.

Apple has indicated that they take iPhone security very seriously and cited their track record of rapidly responding to detected vulnerabilities.