I Don’t Really Understand This: Help Me Out, Truegeeks?
Bill Quick

Ford’s Folly (iPhones) in [Market-Ticker]

Given what is publicly known about the fact that any IOS device that is connected to another data-bearing device transfers all of its trust envelope to that second device this means that an IOS device in a corporate environment now becomes only as secure as a personal computer in said employee’s home that is not under control of the corporate IT department.

Read this again.

Now contemplate this — said Ford employee, with a device that Ford, the company believes is “secure”, connects said phone to their personal computer at home to transfer some music.  Said computer at home has a virus on it that it picked up when that person, on their own time and in the privacy of their own home, surfed to some porn site on the Internet.

That virus sends the trust records for the iPhone back to a hacker in China!

The device’s security has now been permanently compromised; said hacker can now, any time the device is on a network where he also has presence (say, a public WiFi point) access huge amounts of data off said device, including the contact lists, messages, pictures and similar items, along with (gulp!) OAUTH tokens. The latter, by the way, is identical in effect to having someone’s password for social media accounts; this allows the impersonation of that individual on those accounts.

Secure my ass.

Denninger is usually more wroth than even I am, but I don’t really follow the argument here. Trust envelope? What?

Is this something we should really worry about?

Bill Quick

About Bill Quick

I am a small-l libertarian. My primary concern is to increase individual liberty as much as possible in the face of statist efforts to restrict it from both the right and the left. If I had to sum up my beliefs as concisely as possible, I would say, "Stay out of my wallet and my bedroom," "your liberty stops at my nose," and "don't tread on me." I will believe that things are taking a turn for the better in America when married gays are able to, and do, maintain large arsenals of automatic weapons, and tax collectors are, and do, not.

Comments

I Don’t Really Understand This: Help Me Out, Truegeeks? — 1 Comment

  1. It may be a term he made up? Googling “trust envelope” just returns a bunch of pages about ordering security envelopes for mailing things.

    I assume he means, more or less, the collected authentication data that device has.