Recently, President Obama revealed that he wasn't allowed to use an iPhone for security reasons -- conspiracy theorists...
say it's because the National Security Agency and foreign governments can hack the iPhone. Yet, many organizations swear by iOS because Android has so many reported risks. Are iPhones really insecure? Is there such a thing as a secure smartphone?
For whatever reason, it has been decided that the risk of President Obama using an iPhone is too high and therefore has to be avoided -- hence he can't have one. He has been seen recently with a Mac and an iPad, so it may well be that sufficient encryption controls can't be added to the closed operating system of an iPhone to consider telephone conversations on it safe from snooping by foreign governments. President Obama has always favored BlackBerry smartphones, but data on these devices has also been accessible by American and British intelligence agencies. (Obama now uses a unique NSA-approved model, dubbed BlackBerry One.)
It is easy to be overly paranoid following Edward Snowden's revelations about the extent of the surveillance carried out by the NSA and its attempts to weaken certain encryption algorithms and exploit vulnerabilities to gain access to information. The NSA and its U.K. counterpart, the Government Communications Headquarters, have also been developing the ability to take advantage of smartphone apps, such as the popular Angry Birds game, to capture the information the apps transmit across the Internet. The truth of the matter is that any device connected to a network or telecom system is at risk of being attacked, and the information it holds in danger of being compromised.
To survive in today's interconnected world, an organization must open up its network to suppliers, customers and employees. This means that devices and applications that connect to a network have to be assessed for potential risks. The risks found must be accepted, mitigated, transferred or avoided.
If an organization considers secure smartphone use essential, but feels that the information stored on or transmitted by the devices is highly confidential, there are vendors available who offer enhanced encryption features. Two Swiss firms, Silent Circle and Geeksphone, have announced the upcoming release of Blackphone, which runs on a security-oriented Android called PrivatOS. It is an open source project promising to be both carrier- and vendor-independent, while simultaneously offering secure phone calls, video chat, texts, and file storage and transfer. Existing secure smartphones include Sectéra Edge from General Dynamics, which is certified to protect wireless voice communications classified as top secret, as well as access to email and websites classified as secret. If this type of product is beyond your budget, Cellcrypt Mobile is an application that provides end-to-end real-time encryption for Android, BlackBerry, iPhone and Nokia smartphones without the need for specialized equipment.
The main threat to smartphone security, however, remains the user. Strongly enforced acceptable-usage policies backed up with security awareness training are crucial to keeping smartphone data and communications both safe and secure.
Ask the Expert!
Want to ask Michael Cobb a question about application security? Submit your question now via email! (All questions are anonymous.)
Learn about popular settings to make your smartphone more secure
Watch a video about smartphone security policies
Check out our guide on mobile endpoint security
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.