http://www.wired.com/gadgetlab/2009/07/iphone-encryption/

You will find that RIM has their share of hacks and exposure. Many of these are dated.

However, 1 exposure was detected as recently as June 6, 2009. To give due credit, the flaw was detected by RIM, a warning was published, and a patch was issued. Apple does not always give similar attention to security flaws.

Recently I loaded up a [SIM-less, GPS-less] 1-gen iPhone with music, games and movies. My granddaughter took this with her on a 12-day trip to Canada. Whenever they were in range of a WiFi hotspot (motel, restaurant, pit stop, etc.), I see her location (within a 2-block radius) and send her “Find My iPhone” alerts and messages. While I did not test it, I assume I could have initiated a remote wipe…

…the latter phrase forms the strangest mental image :)

That is what is required to keep company information and potential client data safe from prying eyes.

When Apple can do that properly, I bet they will gain more ground in companies.

For example, wouldn’t #3 apply to any smart phone?

With buzzwords like, “hardware encryption” and “remote wipe”, many enterprises have been misled into believing that the iPhone 3G[s] is secure enough to store confidential correspondence or other information. Apple is no doubt pushing the enterprise market, but is the iPhone truly secure enough?

While this subject truly warrants a complete white paper, take the following points into consideration. The following apply not only to the iPhone 3G[s], but also to earlier generation devices. Here are the top seven things every enterprise should know about the iPhone:

1. The 3G[s] passcode and encrypted backup password can easily be bypassed in about 30 seconds. This allows an identity thief who gains physical access to the device (for only a short time) to not only access the 3G[s], but to sync an unencrypted copy of its data through iTunes, creating a copy of the owner’s contacts, correspondence, photos, and other valuable data. If it can be synced with iTunes, it can be stolen in a very short period of time.

2. The 3G[s] promised hardware encryption, but this hardware encryption does not protect the information on the iPhone from an information thief. The operating system needs to automatically decrypt the iPhone’s disk in order to boot, allowing anyone with the right know-how to easily acquire all of the data – including deleted data – on the device, bypassing any encryption. In fact, the only useful benefit for hardware encryption thus far has been the ability to quickly format the device, discussed next.

3. Remote wipe and “LocateMe” features can easily be disabled by simply removing the SIM card. Any semi-intelligent thief looking to steal information from your corporate handsets can easily shut these features down within seconds, armed with only a paper clip.

4. If your device is stolen, not only is the iPhone’s live information exposed, but also all of the deleted information on the device. Because the iPhone has such a large storage capacity, it can take six months or more to cycle through deleted data. The hardware itself is designed to minimize writing to the same place on disk, leaving a wealth of deleted data for an information thief.

5. The iPhone OS has a built-in keyboard “logger” which logs nearly everything you type into the device’s keyboard to auto-learn the owner’s typing habits. As a result, endless logs of data are being created containing information typed in by the user. Even fields with auto-correction turned off have been seen to have some of the data entered in them stored in this cache.

6. Every time your employee pushes the home button, the iPhone snaps a screenshot of the last thing they were doing. This is done for most built-in applications such as Mail and Safari, and has been observed for many third party applications as well. A large collection of screenshots of “the last thing” your employee was looking at are being stored on the device, exposing screenshots of potentially confidential information to anyone with the right know-how.

7. There is a wealth of information stored on the device that most users don’t even realize is there. Information about your last GPS positions, which wireless networks you’ve joined and where, your search unread voicemail, and much more. Anything that goes through the iPhone is indefinitely stored on the iPhone.

Consider the risk to your enterprise should the confidential information on corporate iPhones be stolen. The iPhone is about the size of a small laptop disk drive, and is about as easy to copy information from should a thief steal or “borrow” it without your knowledge.

A quick google search shows unlocked blackberry and not jail broken or cracked berries. Please post links to cracked blackberries if you have them.

RIM will *unlock* a blackberry for you if you ask them nicely. This only permits you to use the berry on any carrier.

To do the same on the iPhone you have to use some security vulnerabities (After all thats the basis of ultrasn0w). This is much required (for example when you are roaming) and since Apple will not unlock it for you people (including me ) do it by installing the cracks and the hacks.

Now I am running a jailbroken phone which *theoretically* allows any app to run as root and go wild. Erica from tuaw realized as much (http://www.tuaw.com/2008/02/11/thoughts-on-iphone-security/) .. Now add this app having access to your corp net and you will realize why iPhone are banned in some enterprises from VPNing.

Do I agree with the policy – no
Do I think blackberries cannot be similarly jailbroken – Yes, But there is not that much incentive to do so … As I said before, berries can be unlcoked and the apps on a berry is not as restricted as an appstore app (Apple puts apps in silos with no common filesystem access etc)
Is a “locked” iPhone as “secure” as a blackberry – I think so..

Enterprises can ask their employees to only run “locked” official iPhone builds and stay safe if they think that this is an issue. But I can see why some paranoid IT admins will block the iPhone