Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iPhone 2.0 Connected to Exchange Server. Security Issues?

S

screensaver400

macrumors 6502a
Original poster
Jan 28, 2005
863
52
So I have a personally owned and paid for iPhone 3G, and I've successfully connected it to my employer's Exchange server. I didn't ask them--I just guessed the server (mail.companyname.com), and entered my work computer's login information. It works fine, including Push email.

However, I remember Steve Jobs' demo of all the new enterprise features, including remote wipe.

Is it technically possible for my employer's IT department to both find that my iPhone is accessing the exchange server, and do anything bad to me? For instance, would it be possible for them to initiate a remote wipe of my device? To place any limitations on my phone? To access personal data?

Bear in mind, I just typed in my work email address, Exchange server, and username and password. That's literally all. Based on that alone, can the IT guys do anything to my phone?

I'm hoping that, unless you do something "special," (e.g., install special enterprise settings) this Exchange system just functions like a normal POP3/IMAP email account. But I want to make sure.
 
screensaver400 said:
So I have a personally owned and paid for iPhone 3G, and I've successfully connected it to my employer's Exchange server. I didn't ask them--I just guessed the server (mail.companyname.com), and entered my work computer's login information. It works fine, including Push email.

However, I remember Steve Jobs' demo of all the new enterprise features, including remote wipe.

Is it technically possible for my employer's IT department to both find that my iPhone is accessing the exchange server, and do anything bad to me? For instance, would it be possible for them to initiate a remote wipe of my device? To place any limitations on my phone? To access personal data?

Bear in mind, I just typed in my work email address, Exchange server, and username and password. That's literally all. Based on that alone, can the IT guys do anything to my phone?

I'm hoping that, unless you do something "special," (e.g., install special enterprise settings) this Exchange system just functions like a normal POP3/IMAP email account. But I want to make sure.
Click to expand...

this is too advance for me to understand
 
Not to my knowledge, Remote Wipe requires a Corporate Activated iPhone. I use my iPhone at a company with Exchange and the only thing they were able was to institute passcode lock to be active in order to connect to the exchange server for e-mail. Thankfully, the employees complained, and they removed that requirement.

TEG
 
TEG said:
Not to my knowledge, Remote Wipe requires a Corporate Activated iPhone. I use my iPhone at a company with Exchange and the only thing they were able was to institute passcode lock to be active in order to connect to the exchange server for e-mail. Thankfully, the employees complained, and they removed that requirement.

TEG
Click to expand...

So you're telling me that my connection to the Exchange server will function just like any old POP3/IMAP account?
 
screensaver400 said:
So you're telling me that my connection to the Exchange server will function just like any old POP3/IMAP account?
Click to expand...

Except for getting push mail, and your exchange contacts/calendar wiping out your synced contacts/calendar unless you use mobileMe, then yes, it will work almost exactly as an IMAP account.

TEG
 
YEG: the IT guys at your office will be able to remote wipe your iphone if it is setup for push email through the excnahge settings. it is a bult in function of direct push. you have to install a web page on the server to enable this. i have attached a screen shot

http://www.youtube.com/watch?v=qahEtJMx_mo
 

Attachments

  • untitled.JPG
    untitled.JPG
    83.9 KB · Views: 273
I just tested. You can wipe phone.

Using exchange 2007 I was able to go into exchange console, select user, select mobile devices, use wizrd that comes up to eiher remove mobile device from server or remote wipe. I remote wiped my phone and now have to restore from backup (no big deal). I did not need to go to web admin portal or anything as previously mentioned. You better hope you do not upset your IT department.....
 
I believe (I may be wrong) this is a feature of Exchange 2007. So, if your company is still using Exchange 2003, the only option they have is to disable your mobile account. Again, I'm no expert on this...:D
 
In both Exchange 2003 and 2007 recipients who have a mobile device association are tagged as having a mobile device. In 2007, the Exchange Management Console allows the admin. to manage the mobile devices, which includes wiping the device.

So if your iPhone is setup through ActiveSync, your IT guys should know that you have a mobile device association, especially if they are running Exchange 2007.

Edit: Here is a pic from the Management Console mobile device manager.
 

Attachments

  • exchange.jpg
    exchange.jpg
    119.9 KB · Views: 258
Yes they can do a remote wipe and if they are smart enough, can find out you have added mobile device.

If you have web access to your exchange server, you can find these under options>mobile devices, from this page you also have an access to delete the device association or wipe it out.

As far as my understanding goes, even if Push is not activated, when a manual fetch is done, device will be wiped out, if the admin has instructed so in the exchange.
 
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 2_1 like Mac OS X; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Mobile/5F136 Safari/525.20)

Would they have access to your phone to see texts, contacts, other email, phone calls made/received, etc? Similar to a BB being hooked up to a BES?



Like the OP, I just used my work owa url to add my work exchange email to my iPhone.
 
Admins - do not have access to your sms, etc.,

I could be wrong, but I have not found a way to gain access to sms, phone calls, etc., This is with either Exchange 2003 or 2007....
 
tomzak said:
I believe (I may be wrong) this is a feature of Exchange 2007. So, if your company is still using Exchange 2003, the only option they have is to disable your mobile account. Again, I'm no expert on this...:D
Click to expand...

There is a MobileAdmin app (see above screenshot) that can be installed for 2003 to allow a wipe (permanent if left active) on your iPhone. by permanent, if the setting is never changed or the iPhone deleted through this GUI, any time you try and reconnect the iPhone it will start the wipe process again, effectively making the iPhone useless for Exchange.

As for finding your phone, I have a script (freely found on the WEB that will allow for scanning of all e-mail servers) for accounts that are using ActiveSync which will also identify the type of device used by the user.

So to answer the original posters question, yes, you can be found out, and yes, they can set your device to wipe, and as mentioned above, pretty much forever so I would make regular backups of any personal data and info you would like to put back on it after it is wiped.
 
alexboy45 said:
YEG: the IT guys at your office will be able to remote wipe your iphone if it is setup for push email through the excnahge settings. it is a bult in function of direct push. you have to install a web page on the server to enable this. i have attached a screen shot

http://www.youtube.com/watch?v=qahEtJMx_mo
Click to expand...

Quick clarification, this is requried for Exchange 2003 if you want to be able to remote wipe AS devices. As already noted, 2007 has this function built in.
 
screensaver400 said:
So I have a personally owned and paid for iPhone 3G, and I've successfully connected it to my employer's Exchange server. I didn't ask them--I just guessed the server (mail.companyname.com), and entered my work computer's login information. It works fine, including Push email.

However, I remember Steve Jobs' demo of all the new enterprise features, including remote wipe.

Is it technically possible for my employer's IT department to both find that my iPhone is accessing the exchange server, and do anything bad to me? For instance, would it be possible for them to initiate a remote wipe of my device? To place any limitations on my phone? To access personal data?

Bear in mind, I just typed in my work email address, Exchange server, and username and password. That's literally all. Based on that alone, can the IT guys do anything to my phone?

I'm hoping that, unless you do something "special," (e.g., install special enterprise settings) this Exchange system just functions like a normal POP3/IMAP email account. But I want to make sure.
Click to expand...

If you set up your iPhone like a POP3 account, then you aren't having the Exchange server "push" email.

And only way IT admins can wipe the phone is if you set it up using ActiveSync and to work with Exchange. If you set up email like a POP3/IMAP client, then no.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back