Posts Tagged ‘iPhone’

Device Encryption on Apple iPhones

Tuesday, July 20th, 2010

Following up from my last post on enforcing security policies on devices such as iPhones, I thought it might be worth clarifying how iPhones deal with encryption.

Essentially iPhones from the 3GS onwards are encrypted by default; this isn’t something the end user or administrator can control.  Earlier devices such as the iPhone and iPhone 3G do not support encryption at all; they’re simply not powerful enough apparently (Apple told me this!).

So if you use Exchange and wish to set the encryption security policies onto iPhones the ‘Require Encryption on the Device’ doesn’t actually do much in and of itself – the device is either already encrypted or just can’t be.

Where it is useful is if you wish to block access to devices that cannot be encrypted.  In this case you simply set the ‘Require Encryption on the Device’ policy and uncheck the ‘Allow Non-Provisionable Devices’ policy.  The iPhones will report back their support for encryption and Exchange uses this to evaluate whether they should be allowed or not.  So the original iPhone and the iPhone 3G will be blocked.

Further info on iPhone support for Exchange ActiveSync Policies can be found here.

Android and iPhone Exchange Activesync Policies

Monday, July 19th, 2010

Over the past couple of weeks I’ve been doing some work on how best to secure data on the myriad of mobile devices that are used these days to access email and calendar information.

It’s a hot topic at the moment, and so it should be.  Recently here in the UK the information commissioner brought in a £500,000 fine for each instance of information data loss.  Of course it would depend on the information lost, but hands up anyone who understands everything that’s on their company’s smartphones and PDAs… with info creeping out in email attachments or iPhone apps that cache your work username and passwords, it’s a real risk.

If you use MS Exchange, one of the simplest ways to apply a level of security to mobile devices is to use the Exchange ActiveSync Policies that are included out of the box.  These allow you to apply – and more importantly enforce – a range of configuration options on devices and block access to devices that don’t meet a minimum standard you decide on.

At the bottom of this post I’ve attached a spreadsheet which I’ve put together which details the policies available and the devices they are compatible with.  To get the information I spoke to MS, Google and Apple (thanks Jason) directly, so it should be accurate.  But I don’t have any contacts at Nokia or Palm so that info was taken from their deployment guides.

Part of the reason I thought I’d post this up is that I noticed a very similar doc was added to Wikipedia, but it doesn’t include some important information about the level of Exchange Client Access Licence (CAL) needed to use some of the policies, nor does it talk about the differences between hardware versions of iPhone.  If I can bring myself to dive into the wiki mark-up language I’ll amend the article to include the info but for now I hope this spreadsheet helps some of you.

If you’re not currently implementing any policies in Exchange there are a few things to consider before you do. 

First think about the types of device currently connecting.  If you’ve been using Exchange EAS for a while the chances are you’ll have a range of kit from Windows Mobile 5 onwards.  This older equipment may not support many of the available policies, so if they’re company owned devices you may want to look at upgrading them rather than cut the users off entirely.  Unfortunately it’s not just older devices that don’t support all EAS policies correctly.  Modern OSes such as Google’s Android and Palm’s WebOS don’t either.

There are some simple reports that can be run using PowerShell that will list out all the devices that connect in, including device type, versions and usernames.  Unfortunately the iPhone doesn’t report back its hardware version until iOS4 however.  I’ll try to follow up this post with the query details.
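A report along those lines, as an added example rather than the author's own query. It assumes the Exchange 2010 Management Shell; the CSV output path is a placeholder.

```powershell
# Added example: assumes the Exchange 2010 Management Shell.
# Build one row per ActiveSync device partnership, with its owner.
$report = Get-CASMailbox -ResultSize Unlimited -Filter { HasActiveSyncDevicePartnership -eq $true } |
    ForEach-Object {
        # Capture the mailbox name before $_ is rebound inside Select-Object.
        $owner = $_.Name
        Get-ActiveSyncDeviceStatistics -Mailbox $_.Identity |
            Select-Object @{ Name = 'User'; Expression = { $owner } },
                DeviceType, DeviceModel, DeviceOS, DeviceUserAgent,
                LastSuccessSync, DevicePolicyApplied, DevicePolicyApplicationStatus
    }

# Summary: how many devices of each type and user agent connect in.
# Devices that report no model can still be told apart by user agent here.
$report |
    Group-Object DeviceType, DeviceUserAgent |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Full detail for review before any policy is tightened (placeholder path).
$report | Export-Csv -Path .\eas-devices.csv -NoTypeInformation
```

The DevicePolicyApplied and DevicePolicyApplicationStatus columns show which devices already have a policy applied and how they reported applying it.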

Remember that none of Google’s Android, Apple’s iPhone or iPhone 3G supports any level of device encryption, which from a business perspective is a little scary considering their popularity.  What’s worse, early versions of the iOS3 firmware apparently misled the Exchange server into thinking early iPhones were encrypted.  If you have a lot of these things out there but still want to apply a level of security you can buy yourself some time using the ‘Allow non-provisionable devices’ policy.

One option would be to create a basic security policy with all the PIN settings you want to apply and enforce that by un-checking the ‘allow non-provisionable devices’ policy.  This will ensure that if a device doesn’t support the policy it can’t connect.  You could then create a separate policy with the encryption settings and the ‘allow non-provisionable devices’ enabled.  In that case the policy should apply only to those phones that support it.
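The two policies described above, written out as an added example (not the author's configuration). It assumes the Exchange 2010 Management Shell; the policy names, PIN values and mailbox identities are placeholders. A mailbox holds one ActiveSync policy at a time, so the encryption policy repeats the PIN settings and each user is assigned one of the two.

```powershell
# Added example: assumes the Exchange 2010 Management Shell.
# Policy names, PIN values and mailbox identities below are placeholders.

# PIN settings shared by both policies (splatted into each cmdlet call).
$pin = @{
    DevicePasswordEnabled           = $true
    MinDevicePasswordLength         = 4
    AllowSimpleDevicePassword       = $false
    MaxInactivityTimeDeviceLock     = '00:05:00'
    MaxDevicePasswordFailedAttempts = 8
}

# Policy 1: PIN settings, enforced. With non-provisionable devices
# disallowed, a device that cannot apply the policy cannot connect.
New-ActiveSyncMailboxPolicy -Name 'EAS-PIN-Enforced' @pin `
    -AllowNonProvisionableDevices $false

# Policy 2: the same PIN settings plus encryption, with non-provisionable
# devices still allowed, so phones that cannot encrypt keep syncing.
New-ActiveSyncMailboxPolicy -Name 'EAS-PIN-Encryption' @pin `
    -RequireDeviceEncryption $true `
    -AllowNonProvisionableDevices $true

# Each mailbox takes exactly one policy.
Set-CASMailbox -Identity 'user1@example.com' -ActiveSyncMailboxPolicy 'EAS-PIN-Enforced'
Set-CASMailbox -Identity 'user2@example.com' -ActiveSyncMailboxPolicy 'EAS-PIN-Encryption'

# Confirm the settings that decide whether a device is let in.
Get-ActiveSyncMailboxPolicy |
    Format-Table Name, DevicePasswordEnabled, RequireDeviceEncryption,
        AllowNonProvisionableDevices -AutoSize
```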

As always, communication out to your end users is going to be key, especially if you have personal devices connecting to Exchange in addition to your company ones.  Whilst having a PIN etc is probably a fair exchange for the Exchange functionality they’ll receive, suddenly finding that your personal phone has had a PIN enforced and that your SD card of music and photos has been encrypted is likely to annoy…  Something to keep in mind!

Anyway, here’s the spreadsheet: Exchange ActiveSync Policies (June2010)

Apple’s iPhone 4 Gyroscope

Thursday, July 1st, 2010

Chipworks MEMS gyroscope die

After reading about the iPhone 4’s gyroscope during WWDC, I have to admit I wasn’t sure how such a thing would work.  I’ve only ever really encountered the spinning gyroscopes you get as a kid, and I couldn’t really see something like that fitting in a phone!

Thanks to this Wikipedia entry, and this article on ifixit.com, the mystery is solved – worth a read if you’re feeling geeky.

iPhone 4 in business

Thursday, June 10th, 2010

With the iPhone rapidly becoming an accepted business phone for many companies, I’ve been interested to read about the changes that the forthcoming iPhone 4 and iOS 4 will bring.

To be honest there isn’t a huge amount of info out there, but the info that is available is quite positive.  There’s a page on apple.com with some basic details.  The main areas that Apple seem to be addressing are security and management, both of which have been question marks in the past.  Specifically they talk about:

Data Protection
Security enhancements in iPhone OS 4 protect email messages and attachments stored on iPhone 3GS by using the device passcode as an encryption key. New data protection APIs can be used for custom and commercial apps so that business-critical information is protected even if a device is compromised.

This is good news, but I still think Apple need to be clearer about exactly what sort of encryption is used etc.  The 3GS’s are meant to be encrypted, but there are pretty strong indications that this isn’t quite as strong as you would hope [1, 2, 3].  If Apple can get this right it’ll open a lot of doors for them in business, as they’re still some way behind RIM’s Blackberry and Microsoft’s Windows Phone platforms.  Both of these offer significantly more control over encryption, and in combination with device management tools can both be configured to accredited security levels (up to ‘RESTRICTED’ I believe).

Mobile Device Management
Deploying and managing large iPhone fleets will be even easier with iPhone OS 4. New Mobile Device Management APIs can be integrated with third-party solutions to wirelessly configure and update settings, monitor compliance with corporate policies, and even wipe or lock managed iPhone devices.

To their credit Apple have supported a level of device management for a while through their implementation of Microsoft’s ActiveSync.  This at least allows basic policy enforcement on devices connecting in through Exchange.  By providing more complete APIs into a management interface, however, hopefully iPhones will begin to support a much wider range of management features.  The obvious gaps currently are around password/PIN policies, encryption and granular control of features and functionality.  There are a number of products in the market to manage mobile devices [1, 2, 3], so hopefully we’ll see these begin to support the iPhone as well.

Wireless App Distribution
iPhone OS 4 enables enterprises to securely host and wirelessly distribute in-house apps to employees over Wi-Fi and 3G. Apps can be updated without requiring users to connect to their computers.

This has the potential to unlock the iPhone/iPad to a new group of developers.  Previously it’s been quite tricky to develop in house Line of Business applications,  and critically, to distribute them out to a fleet of devices.  The ability to deploy in-house apps over the air will make this much more attractive to organisations. 

SSL VPN Support
SSL VPN support in iPhone OS 4 gives users another way to securely access enterprise resources. These new protocols can even be leveraged to connect seamlessly to a corporate network via VPN on Demand. Forthcoming apps from Juniper and Cisco will support SSL VPN on iPhone.

VPN support is obviously a nice thing to have, but I’d be interested to hear how often this is used.  In a world where you’re developing and using internal applications it’ll be a very useful tool if those aren’t published to the internet, but for basic email etc generally the existing ActiveSync connection probably offers enough transport security.  I guess web access policies could also influence the use of VPNs if you wanted to force your users through a company proxy server of some sort.

Improved Mail
iPhone OS 4 allows users to set up multiple Exchange ActiveSync accounts and now works with Exchange Server 2010. With the new unified inbox feature, users can see messages from all their email accounts conveniently displayed in a single inbox, or they can quickly switch between inboxes to see messages from any single account. If users receive an attachment that they want to save or edit, Mail now lets you open attachments with compatible apps from the App Store.

Again, I think the mail changes are more ‘nice to haves’ rather than significant improvements to the business features.  Though the unified inbox is very well implemented when you see it in use.  With the support for multiple ActiveSync accounts, it will be interesting to see how they have implemented the policy management.  If you have two ActiveSync connections, each with different policy enforcement settings, which one wins?  Is it whichever is more secure?  If so, who decides what the more secure value is?  I also wonder if this could potentially allow information to leak from one system to another.  If mail is synced from one company onto the iPhone, could it then potentially be synced back down to a separate mailbox with the iPhone acting as a hub?  I can see how that might be useful for personal contacts, but for potentially sensitive emails etc, it could be a problem.

Email and Office Windows Phone 7

Thursday, April 29th, 2010

A few months ago when Windows Phone 7 was unveiled there wasn’t really much coverage about the parts of the platform aimed at business productivity.  I did see a few clips of the new Inbox, but nothing that really showed how it worked in practice.  With smartphones now an important part of business life for many, and with iPhones becoming an increasingly common business tool, it’s interesting to see what MS has planned.  Especially as it’s an area in which they were pioneers with the early Windows Mobile phones.

Anyways, I just spotted the following videos over on Steve Clayton’s blog.  They show how the new WP7 office apps and inbox will work in practice.  Personally I think they look pretty good.

TED on your TV

Tuesday, February 16th, 2010

With another TED over, I’ve been trying to watch talks from previous TEDs as they’re almost always worth 20 minutes of my day.  One thing that keeps bugging me is that I’d much rather watch them on my TV than on a laptop or iPhone.

I remember commenting in another post last year that I wished there were an Xbox app for TED.  Unfortunately there isn’t one, but something that does work is the browser on the PS3.  It turns out that browsing to TED.com will let you watch the videos in full screen.  Well, full screen apart from the player controls.

Much better :)

Jamie’s talk from this year’s conference.

Blaise Aguera y Arcas’s impressive demo.

New version of iDialog iPhone OCS Client

Friday, December 18th, 2009

Just a quick post this one as I’m at work… but I thought it would be worth mentioning that a new version of the iDialog Office Communication Server client for the iPhone is out on the app store.

There’s no news yet as to what has changed in the 1.2 version, but I’m sure there’ll be an update to the Modality Systems blog soon with an update.

(Via Tony Cocks and Justin Morris)

iDialog Office Communication Server iPhone Client

Sunday, August 23rd, 2009

A few months ago I wrote a few articles about mobile clients for Office Communications Server, and particularly the options available for iPhone users. 

It’s been a while coming, but it seems like there’s now a proper OCS client available in the App Store from Modality Systems.

iDialog provides presence information on both your personal contacts, and across contacts within the corporate address list (which you can search from the client).  You can then either launch an OCS Instant Messaging conversation, or use the iPhone to call any of the numbers listed in the contact info.

IM conversations can be multi-party, and the client can support many simultaneous conversations.  They are displayed in the familiar threaded text message format from the iPhone. 


In addition to IM, the client can make use of VoIP call control to manage voice calls to their OCS VoIP end-point.  Incoming VoIP calls can be forwarded on to either their listed mobile number (presumably the iPhone), voice mail or any other number.  It isn’t, however, a VoIP endpoint in its own right.  Presumably it would not have made it through onto the app store if it had.

From a backend perspective it relies on OCS 2007 or 2007 R2, and makes use of the Communicator Web Access server role.  Unlike the solution from Web Messenger it doesn’t rely on separate, additional, server infrastructure.

The app is priced at £5.99, which is pricy for both individuals and corporate deployments.  However the web site does mention that corporate licensing options are also available that would – I assume – reduce the per seat licensing.

Link to App Store

Windows Mobile 6.5 Touch Gestures

Thursday, July 9th, 2009

Although I now have an iPhone, I have to admit I’ve always quite liked Windows Mobile.  It may be a bit clunky compared to Apple’s newer toys, but I’ve had WM phones since the original Orange SPV years ago.

Anyways, I’ve been keeping an eye on how the new version, Windows Mobile 6.5, has been developing.  I managed to have a play with a phone running 6.5 a few months ago and was actually quite impressed.  While you could tell the old WM was underneath, the touch interface was a great improvement on the old home screen, and it felt modern – even next to the iPhone.

I was just going through my RSS feeds and noticed this new post from Marcus Perryman over at Microsoft.  He’s written quite an in-depth article about how 6.5 implements touch and the gestures you use to navigate and do things.  It’s pretty techie (don’t say I didn’t warn you!), but quite interesting if you’re into that stuff.

Marcus also points out the official touch gesture docs have been published and can be found here:  http://msdn.microsoft.com/en-us/library/ee220920.aspx

Augmented Reality on the iPhone

Wednesday, July 8th, 2009

A hat tip to Jason Langridge for finding this demo clip of a new Augmented Reality app for the new iPhone 3GS.  Very cool (in a geeky kinda way).

Using the iPhone’s GPS and compass the app is able to overlay directions and other info onto the view from the camera.  I’m sure this is just the start… there are so many uses for this sort of technology.