Quantcast Enterprise iPad Security - The Controversy « iPad in Canada Blog - Canada's #1 iPad Resource iPad in Canada Blog – Canada's #1 iPad Resource

Enterprise iPad Security – The Controversy

by on October 4th, 2010

Note to readers – before you begin reading this blog I would just like to inform you that it is a much longer and more technical blog than what you normally read on iPadinCanada.

Many business users want to know if the iPad is secure enough to implement in a business environment. This topic has created a lot of chatter within the security community. It has now become a heated discussion due to the impending launch of the new BlackBerry Playbook, which is targeting enterprise business users. 

What prompted me to actually sit down and write this blog is an article that came across my desk from the Communications Security Establishment Canada (CSEC). CSEC is a Federal Government Department that provides IT Security Services for Canadian Federal Government Departments. CSEC just released an “unclassified” three page document titled “An Initial Security Analysis of the Apple iPad”.

The information in this article has navigated many officials in Federal Government Departments away from using the iPad. I think that the CSEC article is touting the iPad as some horribly insecure product and as a result I would like to voice my opinions on the article.

In an attempt to limit the length of this blog, I have highlighted the conclusions from the CSEC article as follows:

In general, CSEC does not recommend use of the Apple iPad for the transmission of sensitive government information or for connection to government networks, due to the vulnerabilities of Bluetooth, IEEE 802.11 (WiFi) and the cellular network:

  • Bluetooth is known to be vulnerable to eavesdropping, which could result in the exploitation of data being transmitted over this medium.
  • IEEE 802.11 (WiFi), if not properly configured, can be vulnerable to eavesdropping, password guessing and man-in-the-middle attacks, and therefore data being transmitted with this technology could be vulnerable to exploitation.
  • The cellular network transmits data over the air in unencrypted form, and therefore information transferred over this medium is vulnerable to intercept.

 The vulnerabilities of Bluetooth, IEEE 802.11 (WiFi) and the cellular network are well understood.  For further information, refer to existing CSEC documentation listed at the end of this document.

 The Apple iPad (all models) currently uses iOS 3.x as its operating system.  From initial analysis of the iPad device through Apple published documentation, CSEC does not recommend the processing of sensitive government information on the iPad, due to the following:

  • IT policy settings for iOS devices lack ability to control all aspects of the device, and also lack sufficient granularity for the aspects that can be controlled.
  • IT policy settings can only be “pushed” to the device if using MS Exchange.

IT Policy can be set on the iPad in two ways:  automatic, or manual.  If the device is configured to use a MS Exchange account, IT Policy can be pushed (over-the-air) to the device without user interaction.  This automatic over-the-air policy distribution is only available if MS Exchange is being used.  Otherwise the administrator can manually distribute the IT Policy to the user, but then it will be up to the user to ensure the policy is installed.

3rd party applications available in the iTunes App Store, despite being digitally signed by Apple, have not been vetted to ensure security and hence could contain malicious code that could compromise the entire device.

  • The “jailbreaking” of an iPad serves to further compromise security as devices that have been modified in this way would be capable of running unsigned code.
  • The iPad has built-in encryption for all data stored on the device, but the cryptographic engine has not been laboratory validated to the accepted standards (FIPS 140-2) and therefore cannot be depended upon to protect sensitive GC data stored on the device, in the event of loss or theft of the device.
  • The iOS operating system has been widely known to be vulnerable to conventional network exploitation, and traditionally Apple has been slow to provide security patches for known exploitable vulnerabilities.

While the Apple iPad provides an attractive platform for use within the GC, the processing of PROTECTED information on the device and the connection of the iPad to GC networks are not recommended.

So in a nutshell, what this article implies is that the iPad is not secure. Well here is my opinion:

Many remote users today use their home computers or are given corporate laptops to do their work.  The majority of these laptops and computers have built in wireless capability. Many businesses and government departments have, or will be, implementing wireless networks in the near future. As a result, the wireless connectivity is usually enabled and often in use on these devices. In addition, most home networks today are using wireless connectivity. So how is wireless in the iPad any different?

Citrix is a common application widely used to connect securely to internal networks by the Government of Canada (GC) and is currently deployed in many Federal Government Departments. The iPad supports several Virtual Private Network (VPN) protocols i.e. Cisco IPSec, L2TP/IPSec and PPTP. Citrix has an iPad application that provides secure VPN connectivity to networks.

It is known that Bluetooth can be secured and as for cellular data networks I can’t believe that everything spoken today using hand held devices is 100% unclassified. Currently, the new BlackBerry Playbook device will have to connect to a cellular device in order to communicate to the Internet or to internal networks. Now doesn’t that open up a whole new set of questions regarding the use of the Playbook?

CSEC endorses the use of the BlackBerry device for connectivity to GC networks. Does CSEC validate all BlackBerry applications before departments use them on the device?  No they don’t.

The CSEC document states that policies can only be pushed to the device if using MS Exchange. Well, what about the BlackBerry? All their policies are controlled by a BlackBerry server known as the BlackBerry Enterprise Server (BES). So what’s the difference? A BES or MS Exchange server? In this sense, there really is no difference. Both are using “pushed” policies.

Did CSEC even review the Apple document “iPad in Business Security Overview “? 

The iPad supports SSL v3 as well as Transport Layer Security (TLS) v1, the next-generation security standard for the Internet. Safari, Calendar, Mail, and other Internet applications automatically start these mechanisms to enable an encrypted communication channel between iPad and corporate services.

Application developers have access to encryption APIs that they can use to further protect their application data. Data can be encrypted using proven methods such as AES, RC4, or 3DES. In addition, iPad provides hardware acceleration for AES and SHA1 encryption, maximizing application performance. The iPad supports RSA SecurID, X.509 Certificates and more authentication methods.

As for “jailbreaking” well you can control what a user can install on the iPad. So how can you jailbreak an iPad if you can’t install the application that performs this function?

Applications on the iPad are “sandboxed” so they cannot access data stored by other applications. In addition, system files, resources, and the kernel are shielded from the user’s application space. This “sandboxing” could be compared equally to virtualization which is something that is also being widely used within the GC.

I’m disappointed with the CSEC article and how they released a document with facts based exclusively upon the review of  “publicly-available Apple product documentation” only. They have not performed an in-depth analysis of the iPad and to me it appears that they really don’t know very much about the product and its capabilities.

I would really like to know what your views are about the iPad in an Enterprise environment.

**Want the BEST new iPad protection? Order your invisibleSHIELD by ZAGG, the strongest protection for your new iPad backed by a 30 day money back guarantee, lifetime replacement warranty, and FREE shipping! Use coupon code 'iphoneinca' for 20% off your purchase! Order today!**

Posted under: Blog News, iPad News, Jailbreaking

  • http://www.primatek.ca/blog Eric

    Really interesting post.

    You have to wonder if there is a “political” agenda behind that document. Or maybe they are simply trying to “delay” the introduction of the iPad until they perform a deeper analysis of the device.

    It will be very interesting to keep getting updates on that topic in the future.

  • Rustybarnacle

    It would be interesting to hear more about this as things change.

  • http://www.iphoneincanada.ca Gary

    Incredible information here. There is no device that is 100% secure when it comes to wireless. It comes down to user due diligence.

  • Darlene

    Yes, it comes down to a Risk Assessment which involves knowing what your risks are and how to best mitigate these risks.

  • iPadExtraordinaire

    I’ve seen the article. Eric, It’s not political – it was just produced by an analyst without appropriate context and without the ability to compare his statements to blackberry. As Darlene rightly points out, the use of Wireless, Bluetooth, and even Exchange-connected security profiles is already prevalent. It’s inappropriate to conclude that in iPad is insecure bcause of these issues.

    Perhaps most fundamentally is that it doesn’t recognize that security belongs within the application layer. We must assume that the OS is untrusted. A stand-alone app with strong authentication and an encrypted data store can still be secure. Use of the Mail app to connect to exchange over SSL with PKI certificate-based authentication & password, and remote wipe is comparable to Blackberry.

    At the end of the day, it’s a perception issue. Apple devices are not ‘geared’ towards the enterprise – think about having Government employees using iTunes to synchronize things.

    Furthermore, the wild popularity of IOS devices means that the cat-mouse game of jailbreaking receives far more interest than a Blackberry.

    Nonetheless, many GC departments are piloting iPads. CSEC would be wise to focus on the baseline standards for using iPads in a supported fashion when processing unclasified information, and to highlight the most salient issues.

  • wayne

    It is not only the devices but also how you use and impliment them. By chance news story out today about how the Canadian government agencies put info at risk. http://home.mytelus.com/telusen/portal/NewsChannel.aspx?ArticleID=news/capfeed/national/OG1115.xml&CatID=National

  • boards

    Excellent post.

  • Cdavid

    It’s inaccurate that policy can only be distributed if MS Exchange is used. IBM Lotus Traveler for iPhone and iPad allows for the distribution of policy and the synchronization of Lotus Notes Calendar, Mail, and Contacts.

  • Pingback: The PlayBook Will Be the First Tablet to Truly Enter Government | BlackBerry Cool

  • Pingback: The PlayBook Will Be the First Tablet to Truly Enter Government | 101 Best BlackBerry Apps

  • tester

    The Real Problem is the device can be jailbroken.. Any device without secure firmwall means any data on the device can be captured if the device is stolen.

  • Pingback: The PlayBook Will Be the First Tablet to Truly Enter Government | blackberry phone reviews