Given what is publicly known about the fact that any iOS device that is connected to another data-bearing device transfers all of its trust envelope to that second device, this means that an iOS device in a corporate environment now becomes only as secure as a personal computer in said employee’s home that is not under control of the corporate IT department.
Now contemplate this — said Ford employee, with a device that Ford, the company, believes is “secure”, connects said phone to their personal computer at home to transfer some music. Said computer at home has a virus on it that it picked up when that person, on their own time and in the privacy of their own home, surfed to some porn site on the Internet.
That virus sends the trust records for the iPhone back to a hacker in China!
The device’s security has now been permanently compromised; said hacker can now, any time the device is on a network where he also has presence (say, a public WiFi point), access huge amounts of data off said device, including the contact lists, messages, pictures and similar items, along with (gulp!) OAuth tokens. The latter, by the way, is identical in effect to having someone’s password for social media accounts; this allows the impersonation of that individual on those accounts.
Secure my ass.
Denninger is usually more wroth than even I am, but I don’t really follow the argument here. Trust envelope? What?
Is this something we should really worry about?