Fun Way to Send Attachments in Mail
If you're working in a file that you want to attach to a message in Apple Mail, you can transfer the file to Mail easily: From the title bar of the file's window, drag the little proxy icon to Mail's icon on the Dock. Your Mac will make Mail the active application and open a new outgoing message, with the file attached.
(If your icon won't drag, the file probably isn't saved.)
Written by
Tonya Engst
Recent TidBITS Talk Discussions
- Alternatives to MobileMe for syncing calendars between iPad/Mac (1 message)
- Free anti-virus for the Mac (20 messages)
- iTunes 10 syncing iPod Touch 4.1 (2 messages)
- Thoughts about Ping (16 messages)
Related Articles
- New Find My Locker Feature Boosts iPhone OS Security (01 Apr 10)
- iPhone 3GS Hardware Encryption Easy to Circumvent (07 Aug 09)
Published in TidBITS 987.
Subscribe to our weekly email edition.
- Microsoft Releases Office 2008 Service Pack 2
- Pondering the Mac and the Moon
- Double Plus Ungoods: Amazon Unpublishes Orwell
- TidBITS Watchlist: Notable Software Updates for 20-Jul-09
- ExtraBITS for 20-Jul-09
- Hot Topics in TidBITS Talk for 20-Jul-09
iPhone 3GS Offers Enterprise-Class Security for Everyone
[Update: Soon after this article came out, a technique for circumventing any iPhone encryption, including the hardware encryption of the iPhone 3GS, was published. You can read more about it over at Wired. This technique requires only moderate skills and we've confirmed its plausibility with our own limited testing. Rich is writing a followup article with more details, which we will link at the top of this article once it's available. We hope Apple will address this issue as soon as possible, but until they do, iPhone encryption should not be considered secure.]
The original iPhone was widely criticized by security professionals for lacking essential security features for the enterprise, the large corporate networks that have special needs because of huge numbers of users and the massive back-end operations to support those users.
The original iPhone was hard to lock down, had only limited secure connectivity options, and lacked both data protection and some way to destroy data remotely if you lost the phone. Those capabilities have continued to improve with every iPhone software release and, combined with the hardware improvements in the iPhone 3GS, even regular users can now enjoy security equivalent to that provided by most corporate environments.
The iPhone 3GS Hardware Advantage -- While most of the software features I describe below work on any iPhone running the iPhone OS 3.0, the 3GS model has one significant advantage that enables all of its owners to experience enterprise-class security. The iPhone 3GS includes a hardware encryption chip that uses the industry-standard AES 256 protocol (that's the Advanced Encryption Standard, with a key length of 256 bits).
Hardware encryption enables a device - a phone, a hard drive, or what have you - to be nearly instantly wiped by erasing the encryption key stored on the device. With a well-designed system, securely removing that key means all data is entirely unrecoverable, even by a government... maybe.
According to Apple, all data on the iPhone 3GS is encrypted by default. Other than Research in Motion's BlackBerry models, very few smartphones on the market encrypt all data. Considering how much personal data we tend to keep on these advanced devices, this is an incredibly important feature. Assuming you follow my other recommendations, it's highly unlikely even a knowledgeable attacker could break into a lost phone and retrieve your data.
This doesn't protect you from all attacks. As with any other encrypted computer, if the bad guy hacks the device while you are logged in, he can still access your unencrypted data. But lost phones are the most common risk we face, and default encryption (with passcode locks, which we'll get to) essentially eliminates your exposure.
Setting Passcode Locks -- One of the most basic security options on any phone is setting a passcode to lock the screen. This prevents prying eyes from gaining easy access to your email messages, phone numbers, or text messages, and it's an option on pretty much every phone on the market. To set this on your iPhone, tap Settings -> General -> Passcode Lock and enter a passcode. (Don't forget it, or you'll have to restore your phone to get back in!) This feature predates iPhone OS 3.0, and works on any model.
On the Passcode Lock settings page you also have some additional options. On any iPhone, you can choose the amount of time your phone sits idle before it requires the passcode again. I set mine for 15 minutes, which is a good balance between security and usability for those times I slip it in and out of my pocket.
On the iPhone 3GS, you can also choose to allow or disable voice control when the screen is locked. I leave this on so I don't have to enter my passcode when using voice dialing while driving, but if you are worried about someone making calls to the Antarctic when you leave your phone unattended (or listening to any potentially embarrassing iTunes song selections), you should disable it.
Erasing Your Data -- One additional feature sets the passcode lock on the iPhone apart from many other phones on the market. If you select the option to "Erase Data," the iPhone allows just 10 failed attempts at entry. After that, the operating system starts the wiping process, deleting everything on your phone. (Don't worry: if you do this by mistake you can restore from your last backup.) I've seen this feature in enterprise devices like the BlackBerry, but it's rare in a consumer phone.
On original iPhones and the iPhone 3G, wiping can take some time, as the software deletes, then overwrites, your data: Dan Frakes at Macworld got Apple to quantify that it takes 1 hour per 8 GB of data.
On the iPhone 3GS, it's faster and easier, as noted earlier. The iPhone 3GS just has to delete the encryption key that protects the data. This is known as "crypto-shredding," and is a common practice in the security world.
Remote Wipe -- With the release of the iPhone OS 2.0, corporate users gained the capability to wipe lost devices remotely using Microsoft Exchange integration. This is an important feature, since forensic investigators can often recover data off devices by connecting them to computers and performing direct analysis, rather than having to beat the passcode lock. (The 3GS is still protected, thanks to its hardware encryption.) Remote wipe sends a signal to the phone to delete all its data, assuming the phone is turned on and connected to a network to receive the signal.
As has been widely reported, iPhone OS 3.0 users with MobileMe accounts now gain the same capability, without needing a corporate server. By logging into the Find My iPhone area of MobileMe (in the Accounts screen), you can wipe your phone by selecting Remote Wipe. This is the first time we've ever seen this option in a consumer phone and service, although it does require a paid MobileMe subscription, which retails at $99 per year for a single user, or $149 for a family pack of 5 unique accounts. It also requires that you enable Find My iPhone on the phone itself; it's not turned on by default when you enter or sync your MobileMe information.
Remote Wipe on the iPhone 3GS works just like a passcode wipe; the encryption key is deleted, making it a fast and effective process.
An Unexpected Benefit -- One major thorn in the side of enterprise security teams is portable storage. Now that small storage cards, like the SD cards powering our digital cameras, can hold many gigabytes of data, they have become a common transport mechanism for the loss of sensitive information.
Many smartphones support external storage, which is rarely encrypted or otherwise protected. Enterprise security tends to require expensive software to restrict use of portable storage on remote devices and protect corporate data.
Since iPhones don't support additional storage, this is actually a benefit for the enterprise. Personally, I was more than satisfied with the 16 GB on my iPhone 3G, and haven't come close to pushing the storage limits of my 32 GB iPhone 3GS.
Additional Security Benefits... and Risks -- The inclusion of encryption hardware on the iPhone 3GS, combined with a good selection of security options, is an advantage for both enterprises and consumers. iPhones are now easy to secure in case of physical loss, but this isn't the end of the security road.
There are two other major features that aren't security-specific per se, but convey significant security benefits. The iPhone is probably the single most updated phone on the market. I don't mean our annual sojourns to the Apple store for the latest hardware, but the ongoing software updates to add features and plug security holes. Phones are small computers now, and subject to the same problems with software vulnerabilities as your Mac or PC.
While the iPhone has suffered more than its fair share of vulnerabilities (46 patched in the last update), unlike with most consumer phones, users are far more likely to update their iPhones in a timely fashion, closing the holes. In the past, for many phones you had to take your device into a retail store and make a special request to get any kind of update. With the iPhone, assuming you plug it into a Mac or PC on occasion, it's hard to avoid getting these security updates.
The second feature is the automatic backup built into iTunes. Assuming you connect your iPhone to a computer, iTunes backs up all the data on your phone, including most of your settings and all of your applications. Aside from protecting you if you trash your phone, it also means that you don't need to worry about losing your data if you make a mistake in setting any of the security features.
I can remotely wipe my iPhone to my heart's content without suffering any real loss, other than a little time to restore the backup and clean up a few settings. iTunes can also encrypt your iPhone backups (for any model running iPhone OS 3.0), which is useful for enterprises.
Secure As Can Reasonably Be -- I've focused on the most important security features for a phone, but the iPhone is also a small computer, with a variety of additional security options. You can use a VPN connection to encrypt your network communications, encrypt your email connections (without needing a VPN), and install additional security tools such as the iPhone version of the popular 1Password password management tool.
This isn't to say the iPhone is perfect. The reliance on iTunes is a serious liability in enterprises that frequently don't want such consumer software cluttering work computers. Also, as mentioned, the iPhone has experienced many software vulnerabilities, some of which could allow an attacker to take control of your phone by having you visit a malicious Web page. One security researcher recently discovered a way to hack iPhones remotely with little more than SMS text messages.
The iPhone 3.0 software includes a number of security features that place it on par with most other smartphones on the market. But with the additional encryption hardware on the iPhone 3GS, and a MobileMe subscription, consumers can now experience enterprise-class security.
![](/file/11593/db.tidbits.com.tar/db.tidbits.com/images/badges/pear-note-icon50x50.png)
Typed notes are blended with recorded audio, video, and slides
to create notes that make more sense when you need them most.
Learn more at <http://www.usefulfruit.com/tb>!
http://www.apple.com/support/iphone/enterprise/
About iPhone Configuration Utility 2.0 for Mac OS X
iPhone Configuration Utility lets you easily create, maintain, encrypt, and push configuration profiles, track and install provisioning profiles and authorized applications, and capture device information including console logs.
Configuration profiles are XML files that contain device security policies, VPN configuration information, Wi-Fi settings, APN settings, Exchange account settings, mail settings, and certificates that permit iPhone and iPod touch to work with your enterprise systems. For instructions on how to use iPhone Configuration Utility, see the iPhone and iPod touch Enterprise Deployment Guide, available for downloading at:
Enterprise Deployment Guide - http://www.apple.com/support/iphone/enterprise/
I don't believe that security by obscurity is valid, however the majority of people, myself included, will never inspect any of the software that we daily use.
You have no choice but to use hardware AES if you have the 3GS. Also, you have few (if any alternatives) to protecting information such as contacts except through the hardware AES.
If a government is out to get you, or corporate spies, there are other ways than your phone than relying on Apple to have botched the hardware AES. Unless you have years of crypto experience, your not going to find any flaws. Just ask Mr. Schneier re: SHA-3.
Hardware encryption is more secure than software, with much higher performance. It's built into many devices you use already, such as wireless.
Unless you are a cryptographic engineer, this isn't something I recommend people worry about.
Why would you say hardware encryption is more secure? If both hardware and software are performing AES256 there should be no difference, unless the iPhone 3GS has a real Trusted Computing Module to hold the keys as opposed to just an AES hardware accelerator...
Except if they store the key in the hardware encryption chip and not on the device (flash) itself.
The question is: is that the case?
Error: this is not a reply to the vpn question.
BlackBerry solves this by cryptoshredding the device after a certain number of failed connection attempts. I will try and run this down more with Apple.
I assume they use some TPM module in such a way that the encryption key is inside the TPM chip. If not, the whole AES encryption stuff is worthless.
It is all about the strength of the authentication method.
See also the remark:
question 2009-07-21 12:29
On other smartphones you can turn encryption on or off. With iPhone 3GS, you can't. It's always on. Hence there not being any UI surrounding it; it just works.
Once that's done, you can provision the phone rather nicely sans any contact with iTunes. So the requirement for iTunes is actually quite small.
I can't believe you've not mentioned Apple's iPhone Configuration Utillity http://www.apple.com/support/iphone/enterprise/
It lets you set more complex passcodes - alphanumeric, more characters, and passcode policies.
It also lets you install SSL certificates, so you can use self-signed server certificates (good for intranet use)
And, you can create configuration profiles for restrictions (eg, can't use a camera), VPN, email (to make sure the right servers are used), and so on.
You can make your iPhone much more secure with these tools.
However, there are many questions about its implementation, as you outline.
If they do not use TPM, thus store the key on the device itself, the whole solution is worthless. Ofcourse, if the key is 'protected' by the default 4 digit pin, the solution is equally worthless.
http://www.iphoneinsecurity.com/
July 14, 2009: State of iPhone Forensics in a Nutshell
In a nutshell, all three iPhone models (iPhone, iPhone 3G, and iPhone 3G[s]) running any firmware version up to and including the latest version 3.0, are fully accessible by forensically safe methods to recover full raw disk and live file system from all devices, whether passcode protect or not, whether an encrypted backup password is set or not. The process is performed across USB in as little as 15-30 minutes with a Mac. Law enforcement agencies may request access to the online file repository containing research and tools for performing forensic recovery and examination of a device. No exceptions will be made.
This isn't a fanboy issue... and I'll be as disappointed as anyone if it's that easy to circumvent.
You also have some management via Exchange, although that's limited.
We are also planning on writing more on the enterprise management of iPhones and Macs, but that's taking us a bit of time.
Thanks!