Slashdot Mirror

← Back to Stories (view on slashdot.org)

Aussie Security Forces Testing Apple's iOS

Posted by samzenpus on from the an-ipad-in-every-pouch dept.

lukehopewell1 writes "Australia's Defence Signal Directorate (DSD) is testing the national security capability of Apple's iOS mobile operating system for use on federal networks that transmit national security data. If the operating system is certified as secure, Australian Defence Force personnel, government aides as well as ministers and senators at all levels could see iPads deployed as standard."

2 of 58 comments (clear)

  1. Re:Anecdote by Bert64 · · Score: 4, Insightful

    Security standards as a whole are like that, based on checklists, and the checklists have flaws in them which vendors will often exploit...

    For instance, one of the requirements may be "must encrypt all user data using a recognised encryption algorithm", however they will miss something like where the key should be stored, so you end up with the key being stored on the device where its easily retrieved thus rendering the encryption pretty worthless.

    On the other hand, the threat is often overhyped... The majority of people who would steal something like an ipad are petty criminals who care about how much cash they can get by selling the device, they couldn't care less what data it contains.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  2. Re:What could possibly go wrong? by hawkbat05 · · Score: 5, Informative

    BlackBerry has been tested under FIPS 140-2, CC and CAPS and has been approved for NATO RESTRICTED, UK IL3 and Canada Protected B (among others). It's all available for review here. BlackBerry also supports S/MIME and/or PGP, device and media card encryption, DoD CAC/smartcards (for two factor authentication to the device), Bluetooth encryption, AES256 encryption between the device and it's BlackBerry Enterprise Server, several options for secure remote wipe of the data (even if there is no cellular connection) and all of this can be enforced from a centrally administered server and compliance verified from there as well. Show me how iPhone or Android can even come close to not only the certifications but the security features that can be easily audited for compliance. The only other phone that beat some of this is the Sectera Edge by General Dynamics (which can encrypt voice as well) but I wouldn't call their solution COTS. I know that reads like an advertisement but BlackBerry is really the only one doing all of that (afaik anyway).