The Mac Lawyer Using Macs in Law Firms | Attorney Ben Stevens

iPhone Called Out Over Alleged Security Flaws

By J. Benjamin Stevens on Posted in iPhone, Security

"The words iPhone and security do not belong in the same sentence…"  So begins the article from John Simek, one of the premier computer forensic experts in the country.  It gets worse, as he says, "The iPhone encryption is a non-starter and accessing the device is child’s play even if it is password protected."  He concludes by saying "I love the iPhone. Not because of its technical superiority, but because its design gives us access to more electronic evidence than any other phone we’ve ever seen."

I know John and we have actually given presenations together at CLE seminars in the past.  He and I have discussed these alleged iPhone security flaws in the past, and I will be the first to say that I am far from an expert on these issues and I must defer to John’s expertise.  Of course, as my readers now, I have an iPhone 3G-S and I love it.  However, I do not store any confidential or client data on it out of an abundance of caution.

John offered to print any responses from any IT / security folks and/or from Apple, and I will be glad to do the same here at The Mac Lawyer.

Source: "iPhone Security? A Complete Misnomer" by John Simek, published at Ride The Lightning.

  • http://www.iphonejd.com Jeff Richardson

    It should be noted that Apple has improved the security on the iPhone since John Simek wrote that article in July, especially in last week’s 3.1 release. I have yet to hear of a real-world security exploit on the iPhone. With the ability to locate your iPhone via MobileMe if it is stolen and the ability to remote wipe the iPhone if you use MobileMe or if you are getting your e-mail from an Exchange server, in addition to other built-in security options, there is a lot you can do to protect your iPhone. Of course, anything is possible, and much like you wouldn’t want to be careless and lose a briefcase containing confidential information, it is foolhardy to be lax about security in any environment. Thus, while I think that the iPhone is more secure than suggested in this article, iPhone-using attorneys should still be cautious, just like all attorneys should be cautious.

  • Julie K

    And if you set the phone to auto wipe data after 10 incorrect password attempts isn’t that similar to Microsoft’s remote wipe after incorrect PIN referenced in his article?