The iPhone 2.0 software update released earlier this month offers some dramatic improvements from earlier versions in security management for corporate users. But even these welcome changes aren't enough to make the iPhone seamlessly secure.

A year ago, I criticized a number of design and interface decisions Apple made with the original iPhone that increased the difficulty in creating secure network connections, and keeping your data free from prying eyes when using unsecured networks, like free and commercial Wi-Fi hotspots. The 2.0 software has a number of gaps, but it's increased the ease with which you can take steps to secure your data. However, Apple still needs to open its arms to network security clients, to meet what enterprises (and many individuals) demand from a secure mobile device.

This isn't to say that other devices exceed where Apple is at; rather, Apple is uniquely positioned to provide desktop operating system levels of security in the iPhone.

Reviewing the original vulnerabilities
Much of the iPhone's original set of security problems stem from the device's willingness to let you connect to any open access point that you pass by. That's still a problem. As of this writing, AT&T hasn't yet opened up its Wi-Fi network to iPhone users--although the service provider has let it slip that free access is apparently coming, with the latest false start occurring on Friday. But when AT&T opens its U.S. network to iPhone users, there's still no security beyond means you take into your own hands.

AT&T doesn't include corporate-grade secure connections at its hotspots as an option. In contrast, competitor T-Mobile has offered that option for four years. The iPhone now supports this kind of connection, and it could be a trivial way to render your network activities impenetrable to other hotspot users. (The option is 802.1X, explained below, and found nearly universally in enterprise networks in medium-to-large corporations.)

You must still maintain vigilance in connecting to Wi-Fi networks that you don't know about. That's why I continue to recommend, that iPhone users (and all laptops users) connect with a virtual private network (VPN). A VPN creates an encrypted connection between a device, like an iPhone and a remote VPN server. Any snooper who intercepts this data on a hotspot network sees just scrambled nonsense that, with current technology, can't be turned back into sense by anyone except by the parties on both ends. (802.1X encrypts the connection between a computer or mobile device and the Wi-Fi gateway; a VPN encrypts the connection through the gateway all the way to a network endpoint somewhere far away.)

The iPhone now supports three types of VPN connections, up from two in the 1.x firmware, and several services provide a VPN for a monthly fee. WiTopia.net may be the best option for iPhone owners. It charges $40 per year for its VPN service, which requires the installation on a desktop or laptop computer of a VPN client that uses SSL,

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine