When is Encryption Not Encryption? When it’s on Your iPad?

by | Aug 15, 2012 | Bring Your Own Device | 3 comments

20100804-lockIsn’t it wonderful being able to access your work documents anywhere from your iPad? Think they’re safe? Maybe you need to think again. It turns out that the iOS encryption might not afford you quite as much protection as you think it does. This can be particularly painful for organization forming their bring your own device (BYOD) policies without all of the information about personal device security – remember, iOS, iPhone, and iPad were designed first and foremost for consumers, not businesses.

Mark Barrington of iPad Lawyer did a great post describing the false sense of security that iOS device encryption gives to iPad owner. Clearly, not all device encryption is created equally. Head over to the source link to read the full article.

Source: iPad Lawyer
Image credit: KyedTech.com

3 Comments

  1. Pgp software
    Pgp software on September 6, 2012 at 5:07 am

    I just wanted to comment your blog and say that I really enjoyed reading your blog post here. It was very informative and I also digg the way you write! Keep it up and I’ll be back to read more soon mate.

  2. Jason Yeaman
    Jason Yeaman on October 11, 2012 at 11:53 am

    the blog post is based on iOS4, the scenario presumes the laptop that the idevice is synced to has been compromised, and that you circumvent the device security by Jailbreaking jt….and if using Absynthe, requires the device to be unlocked.

    so yes….in your scenario….if you know the device lock passcode, the pc password and username, and you completely circumvent security that Apple codes into the device by using an exploit that allows you to upload a ramdisk and have complete access to the file system…the encryption doesnt mean a whole lot does it?

  3. Eugene Rosenfeld
    Eugene Rosenfeld on October 11, 2012 at 3:23 pm

    Thanks for the details, Jason.

    The point of this post though was more of a warning to organizations that are allowing employees and external personnel to connect personal devices to internal systems. Because the devices are not managed by the organization, the organization has no way to know if:

    1. The device has the latest vendor OS and security patches applies. I.e. is the device running iOS 6 or Android 4.2, or is it still running iOS 4 or Android 2.x?
    2. The device has known malware loaded. There are now plenty of Android and iOS malware that has access to any data on the device.
    3. The device is from a reputable or from a suspicious vendor