Last week, I had hardly reached my desk when a colleague rushed to my side and told me, all excited, that Apple had announced the release of a new iPhone 3GS. They also unveiled interesting new functionality in MobileMe, which started a long chat in our lab.

To summarize our discussion, tomorrow, MobileMe is releasing three novelties:

  • locating your iPhone, for example, when it is lost
  • displaying a message or playing a sound on your iPhone
  • remotely wiping your iPhone so a thief won’t be able to read any sensitive data

All of these are quite appealing at first, but they raise a few questions:

Security: which security measures are taken to make sure one cannot remotely wipe or send messages/sounds to another iPhone? I hope this is secure, otherwise attackers are going to have a lot of fun…

Price: all of these features require sending commands to the iPhone. How is the mobile device receiving commands? Are they sent over the 3G network? Is the phone receiving an SMS? And who’s paying for this? Is it included in your MobileMe subscription?

Efficiency: those features are probably helpful if you lose your iPhone, but I doubt they will help when your iPhone is stolen. From MobileMe’s screenshot, it looks like locating an iPhone only works if you have previously installed MobileMe and enabled the “Find my iPhone” option. The thief can probably disable this option, uninstall MobileMe or even reset your iPhone if he/she intends to keep it…

Privacy: I am uncertain of how legal tracking your iPhone is. In France, geolocation is regulated by law and the CNIL has a hard time enforcing it. To my understanding, the CNIL finds locating a stolen device acceptable as long as the feature cannot be turned into a spying / tracking device. And indeed, this is difficult to guarantee: you never know when your iPhone is going to be stolen, do you? So, you have to enable location tracking all the time, and consequently, your iPhone (thus you?) can be tracked all the time too… unless Apple has thought of some special trick so your iPhone will only release location data to you, its rightful owner.

We’re going to be busy after tomorrow…

by Axelle Apvrille  |  June 16, 2009 at 10:00 am

3 Responses to “Open questions to Apple’s MobileMe”

  1. at7t says:

    It’s such as you learn my thoughts! You seem to grasp a lot about this, such as you wrote the e book in it or something. I believe that you could do with some % to force the message home a bit, but other than that, this is excellent blog. An excellent read. I’ll definitely be back.

  2. Bill Church says:

    Actually, Find my iPhone has recovered a few iPhones.

    Here’s one incident http://happywaffle.livejournal.com/5890.html

    I’ve played around with it with both my iPhone and the wife’s and it works quite well.

    As far as the security involved, from my understanding there is some PKI involved but I’ve not cracked it open to see what’s going on.

  3. maxusa says:

    The wipe feature has been present in Microsoft Windows Mobile for some time. Apple now includes this useful feature in MobileMe. It is designed to safeguard information, not the device. I do not have the details of how it works in MobileMe, but the Microsoft flavor allows you to establish a remote wipe command that is always enabled against a device ID. The stolen device may attempt to access your data some time in the future, and the wipe command will run. The rationale is that data is more important. Cost of hardware is less relevant.
