Thursday, July 23, 2009

Security vs. Convenience

Being a techie blog, we always strive to ensure that our readers are well informed of what gadgets they bought or will buy in the future will affect their lives. One of them is a user's information security: how will your mobile phone protect your information from people or parties that want to take it from you? Wired Magazine and New Consumers covered this a few hours ago and we'd like to discuss it here as well.

Being connected to the Internet whether it be through a laptop, desktop, or your mobile phone requires giving up some personal data in exchange for something else. This is where security comes in and if your device or medium seems to have a problem with it, then this is where the dilema begins: do you ditch that device or continue using it and hope the hackers won't target you next? This is the situation that's presented by the seeming lack of security in the iPhone 3GS.

According to Jonathan Zdziarski, an iPhone developer and a hacker who teaches forensics courses on recovering data from iPhones,:
“It is kind of like storing all your secret messages right next to the secret decoder ring. I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security.”

And here are the videos to prove it:

...and that's without even jailbreaking the phone. According to him, one only needs to use free hacking programs to do this. He demonstrated how easy it was to get info from the iPhone without the need of a passcode and how to delete a passcode. However, some people will risk it anyway.

According to Lance Kidd, chief information officer of Halton Company, an industrial equipment provider:
“Your organization has to be culturally ready to accept a certain degree of risk,” Kidd said. “I can say we’ve secured everything as tight as a button, but that won’t be true…. Our culture is such that our general manager is saying, ‘I’m willing to take the risk for the value of the applications.’”

If your decision is to continue using the iPhone 3GS despite this massive flaw, the decision is yours, we hope that Apple patches this up immediately.


No comments: