Slashdot Mirror


Aussie Security Forces Testing Apple's iOS

lukehopewell1 writes "Australia's Defence Signals Directorate (DSD) is testing the national security capability of Apple's iOS mobile operating system for use on federal networks that transmit national security data. If the operating system is certified as secure, Australian Defence Force personnel, government aides as well as ministers and senators at all levels could see iPads deployed as standard."


  1. What could possibly go wrong? by Noryungi · · Score: 2

    Wasn't there a hack, published recently, that allowed a user to bypass all security & protections on an iOS device, simply through the standard connector?

    I just don't understand how you can seriously evaluate the security of a mainstream COTS OS and expect it to survive more than 5 minutes versus a dedicated attack, not to mention an attack financed by a rogue state. Even industrial controls are becoming more and more endangered -- see Stuxnet.

    Other devices, such as the Blackberry, should be banned as well, as the French intelligence has been requesting for quite some time now. And don't even mention the words "Windows", "Mobile" and "Security" in the same sentence, please.

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
    1. Re:What could possibly go wrong? by joh · · Score: 3, Informative

      Wasn't there a hack, published recently, that allowed a user to bypass all security & protections on an iOS device, simply through the standard connector?

      No, not all, just some. There are different levels of protection, some were broken and some not. iOS has some newer APIs for that which aren't widely used yet by apps, but they're there and used right they're secure.

    2. Re:What could possibly go wrong? by hawkbat05 · · Score: 5, Informative

      BlackBerry has been tested under FIPS 140-2, CC and CAPS and has been approved for NATO RESTRICTED, UK IL3 and Canada Protected B (among others). It's all available for review here. BlackBerry also supports S/MIME and/or PGP, device and media card encryption, DoD CAC/smartcards (for two-factor authentication to the device), Bluetooth encryption, AES256 encryption between the device and its BlackBerry Enterprise Server, several options for secure remote wipe of the data (even if there is no cellular connection) and all of this can be enforced from a centrally administered server and compliance verified from there as well. Show me how iPhone or Android can even come close to not only the certifications but the security features that can be easily audited for compliance. The only other phone that beat some of this is the Sectera Edge by General Dynamics (which can encrypt voice as well) but I wouldn't call their solution COTS. I know that reads like an advertisement but BlackBerry is really the only one doing all of that (afaik anyway).

  2. Anecdote by Anonymous Coward · · Score: 2, Interesting

    When I graduated from my IT Security and Cryptography degree I saw most of the morons of the class ending up working for ASIO and the DSD, so I wouldn't trust the DSD to certify that my CAT-5 patch cables have connectivity, let alone a proprietary operating system. All they do is use inflexible checklists and frameworks to make their decisions on, they can't think outside of the box, and that's where the problems are going to lie.

    1. Re:Anecdote by Bert64 · · Score: 4, Insightful

      Security standards as a whole are like that, based on checklists, and the checklists have flaws in them which vendors will often exploit...

      For instance, one of the requirements may be "must encrypt all user data using a recognised encryption algorithm", however they will miss something like where the key should be stored, so you end up with the key being stored on the device where it's easily retrieved, thus rendering the encryption pretty worthless.

      On the other hand, the threat is often overhyped... The majority of people who would steal something like an iPad are petty criminals who care about how much cash they can get by selling the device, they couldn't care less what data it contains.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  3. Spiderman Pyjamas by xixax · · Score: 2

    Information technology used *anywhere* in the Aussie government should be approved by Defence Signals Directorate, the assessment doesn't mean it's going to be used by military personnel ("security forces") for sensitive tasks.

    I'm not surprised they are evaluating the iPhone/iPad. It's trendy, is probably cheaper than Blackberry (AFAIK only currently evaluated smart phone product) and it has all the hallmarks of classic "Spiderman Pyjamas" for style aware executives. Probably more a case of people having private iPhones and being underwhelmed by the available approved options.

    No doubt they'll get pressure to assess Android next.

    --
    "Everything is adjustable, provided you have the right tools"
  4. Re:Phew! Not so bad! by naz404 · · Score: 2

    The U.S. Department of Defense uses Flash/Flex as solutions for a number of their coordination tools, especially for mapping and data visualization.

    Not kidding. Looks like a simplified real deal command-and-conquer RTS app.

    Flash is pretty much the go-to guy for easy-to-build rich GUIs, which even AAA game titles (like StarCraft II, Street Fighter IV, etc.) use for their GUIs via Scaleform technology.

  5. Re:yes, quite by geogob · · Score: 2

    to use iOS products in a secure manner

    OK... what? When was iOS last developed as a military grade secure system?

    Does it have to be? In the military (or in general one should say), security is a relative thing. Although the device may not be suited for some security level and/or requirements, it may be fine for others. There's no such thing as a "military grade security". But there are many military security grades, for some of which off the shelf devices are totally adequate.