iPhone security issue
Joe Harrison Jul 9th, 07, 04:03 PM
I thought this might be something to pass on to others. I work for a very large defense contractor and they are on top of issues like this. I would take this as fact but do with it what you want. Just wanted to get it out there as some info that can be taken seriously. :thumbsup:
Copied from our security website:
As many of you know, Apple® has just released the iPhone™. This new device combines a mobile phone, digital camera, email, web browsing and a music player (iPod®) all into one device. Unfortunately, even before this product was released, a number of security forums have reported potential vulnerabilities with the product. There is a known issue currently in the internet browser (Safari™) that would allow a hacker to hijack the phone. The root password for the phone that is written into its firmware is now publicly known and network accessible. In addition, the iPhone™ operating system does not allow for hosting virus protection or firewall software, thus making the device highly susceptible to attack. One might think that the hijacking of a cell phone is not that serious of an incident. However, we must keep in mind that the iPhone™ has the content storage capacity of a laptop. This means that a significant amount of potentially sensitive company information could be highly vulnerable to theft.
We are engaged with Apple® to determine if there are remediations. Until a secure configuration can be deployed for the iPhone™, we ask our ******* (My Company name deleted) employees to refrain from using one for business purposes. We are also working with other vendors on the possibility of providing secure services for the iPhone™, similar to a BlackBerry®.
cr8zy68 Jul 9th, 07, 04:19 PM
I'm no iPhone expert, but I think these parts of the statement are questionable and make the whole statement highly suspect... maybe written by someone with no love for the iPhone, or maybe with not a lot of knowledge on the subject:
"The root password for the phone that is written into its firmware is now publicly known and network accessible."
root password known, yes. Network accessible - what?
"However, we must keep in mind that the iPhone™ has the content storage capacity of a laptop."
If your laptop only holds 4GB or 8GB, you're in sad shape... :)
IDS_Bill Jul 9th, 07, 04:26 PM
Dang - now I have to lose my iPhone and I just got it! Guess someone may decide to use it to get to my parts wishlist, songs and 'pictures'... I love the phone but I wouldn't put anything sensitive on any kind of cell phone (working for a defense contractor too)...
Joe Harrison Jul 9th, 07, 06:38 PM
I'm no iPhone expert, but I think these parts of the statement are questionable and make the whole statement highly suspect... maybe written by someone with no love for the iPhone, or maybe with not a lot of knowledge on the subject:
"The root password for the phone that is written into its firmware is now publicly known and network accessible."
root password known, yes. Network accessible - what?
"However, we must keep in mind that the iPhone™ has the content storage capacity of a laptop."
If your laptop only holds 4GB or 8GB, you're in sad shape... :)
Like I said, do with this as you please. You have to work in this nature of business to most likely understand the warning. Laptops in this industry are regulated for drive space and are not the modern techno piece you're used to on the open market. All I can say is this comes from a company that is very, very, very, very knowledgeable with information security.
Just going to say this is a note from people that know what's going on and are out to protect not only gov info but also company and employee personal info. As always there are people that say "it will never happen to me" and then guess what.
In this industry it's better safe than sorry and it's proved to work before it's put to work with information security. As an example thumb drives and anything portable with internal memory is not allowed in my area!!
All this post is for is to watch out and don't let yourself be a victim. It's going to happen; try not to let it happen to you. The sad part is the victim may never know when or where or how their information was stolen.
Joe
coach420 Jul 10th, 07, 11:30 AM
My son will be returning his iPhone within the 2 week return policy. He is disappointed with the telephone service.
ghack Jul 10th, 07, 12:01 PM
Yep this is typical gov't crap. My wife can't have a cell phone, pager, ipod, palm, or anything. They metal detect everything and do random searches. Hell, it's so top secret I don't even know what she really does - something with computers is all she can tell me - LOL!!!!
Dayton68Z28 Jul 10th, 07, 12:22 PM
He is disappointed with the telephone service.
Isn't the telephone network AT&T?
If so, they have a lousy network. I wish I had a nickel for every dropped call w/ AT&T. I finally switched to Verizon 15 months ago and have been happy ever since.
Joe Harrison Jul 10th, 07, 07:25 PM
My son will be returning his iPhone within the 2 week return policy. He is disappointed with the telephone service.
ATT and it used to be Cingular........I was with them and hated the dropped calls myself. Heck, my kids even asked me to please not go back to them after the Sprint contract expired. Sprint has the best coverage where I am at. I have heard it's not the norm though.
Joe
Rodder Jul 10th, 07, 11:57 PM
Like I said, do with this as you please. You have to work in this nature of business to most likely understand the warning. Laptops in this industry are regulated for drive space and are not the modern techno piece you're used to on the open market. All I can say is this comes from a company that is very, very, very, very knowledgeable with information security.
Just going to say this is a note from people that know what's going on and are out to protect not only gov info but also company and employee personal info. As always there are people that say "it will never happen to me" and then guess what.
The company may be very, very, very, very knowledgeable with information security, but the person who wrote that advisory isn't, or at least didn't do much research before writing the advisory. It's pretty common for IT Departments to send out a knee-jerk advisory for something they don't understand--I've even seen the IT dept where I work do it a couple of times (and we have some of the top security researchers in the world working in the same building). The root password is a non-issue (nothing uses it on iPhone), lack of antivirus is a non-issue as there's no provision for execution of arbitrary content, and lack of firewall is a non-issue since the iPhone isn't listening to any sockets to begin with. And even with the Safari issue, the guy who discovered the Safari issue (Rob Graham) still says it's more secure than something running Symbian or Windows Mobile.