iPhone Trojan Sign of Things to Come? 151
climber writes "Just days after the first scareware for OSX, researchers are pondering the problems of an iPhone exploit that could lead to larger issues. The Trojan pulls legitimate apps off the phone if you try to remove it, but it only infects iPhones that have 'been modified or opened through a security hole in the system.' Though this worm is more of an annoyance than anything else, it could be a proof of concept for a more serious attack. 'The fear is hackers may be experimenting and gathering research that will increase the dangers of a more malicious attack in the near future. It is clear at least one writer -- the author of this piece at Web Worker Daily -- thinks that the iPhone should be left on the dresser in the morning. She offers several reasons that the device isn't a good corporate tool.'"
Re:Stuffed shirts (Score:5, Informative)
I'm a huge advocate of personal freedom, but on an enterprise-class mobile device, support for centraly managed policy is a MUST to comply with HIPAA, SOX, etc.
1984 does not apply to a corporate environment, sorry.
Re:"dangers of a more malicious attack" (Score:3, Informative)
Of course, people who hack it to hell and then don't ever upgrade again (in fear of bricking or whatever), their phones can't be fixed by their own actions.
Re:"dangers of a more malicious attack" (Score:3, Informative)
Re:What rock was she hiding under? (Score:3, Informative)
Maybe the iPhone is easier if your corporation is less than 10 users and John is your trusted IT guy. Do that many companies really allow direct access to POP/IMAP/SMTP from the random internet to the corporate email system? You can fire up Thunderbird and connect to your companies email? Not a single place that I've worked has done that. Really.
One person can maintain thousands of crackberries from one console. "Maintain" means provision, destroy, deploy, maintain, monitor, manipulate, update, and configure all aspects of the device. You can even see who currently has a signal and when their device was last seen somewhere in the world and when it last sent and received email, feedback on if your changes made it to the device and the response, update passwords, encyption keys, service books, see if new policies were applied to the device, how many messages are queued for delivery, and email alerts to yourself or a syslog when a certain % of all of your users are not getting coverage or the queue backs up. You can erase and wipe out the units with tracking if the device got that signal or not.