iPhone 2.0 Connected to Exchange Server. Security Issues?

Discussion in 'iPhone' started by screensaver400, Sep 25, 2008.

  1. screensaver400 macrumors 6502a

    Joined:
    Jan 28, 2005
    #1
    So I have a personally owned and paid for iPhone 3G, and I've successfully connected it to my employer's Exchange server. I didn't ask them--I just guessed the server (mail.companyname.com), and entered my work computer's login information. It works fine, including Push email.

    However, I remember Steve Jobs' demo of all the new enterprise features, including remote wipe.

    Is it technically possible for my employer's IT department to both find that my iPhone is accessing the exchange server, and do anything bad to me? For instance, would it be possible for them to initiate a remote wipe of my device? To place any limitations on my phone? To access personal data?

    Bear in mind, I just typed in my work email address, Exchange server, and username and password. That's literally all. Based on that alone, can the IT guys do anything to my phone?

    I'm hoping that, unless you do something "special," (e.g., install special enterprise settings) this Exchange system just functions like a normal POP3/IMAP email account. But I want to make sure.
     
  2. dchen720 macrumors member

    Joined:
    Jul 23, 2008
    #2
    this is too advance for me to understand
     
  3. TEG macrumors 604

    TEG

    Joined:
    Jan 21, 2002
    Location:
    Langley, Washington
    #3
    Not to my knowledge, Remote Wipe requires a Corporate Activated iPhone. I use my iPhone at a company with Exchange and the only thing they were able was to institute passcode lock to be active in order to connect to the exchange server for e-mail. Thankfully, the employees complained, and they removed that requirement.

    TEG
     
  4. screensaver400 thread starter macrumors 6502a

    Joined:
    Jan 28, 2005
    #4
    So you're telling me that my connection to the Exchange server will function just like any old POP3/IMAP account?
     
  5. TEG macrumors 604

    TEG

    Joined:
    Jan 21, 2002
    Location:
    Langley, Washington
    #5
    Except for getting push mail, and your exchange contacts/calendar wiping out your synced contacts/calendar unless you use mobileMe, then yes, it will work almost exactly as an IMAP account.

    TEG
     
  6. alexboy45 macrumors regular

    Joined:
    Nov 7, 2007
    #6
    YEG: the IT guys at your office will be able to remote wipe your iphone if it is setup for push email through the excnahge settings. it is a bult in function of direct push. you have to install a web page on the server to enable this. i have attached a screen shot

    http://www.youtube.com/watch?v=qahEtJMx_mo
     

    Attached Files:

  7. jalen9827 macrumors newbie

    Joined:
    Sep 23, 2008
    #7
    I just tested. You can wipe phone.

    Using exchange 2007 I was able to go into exchange console, select user, select mobile devices, use wizrd that comes up to eiher remove mobile device from server or remote wipe. I remote wiped my phone and now have to restore from backup (no big deal). I did not need to go to web admin portal or anything as previously mentioned. You better hope you do not upset your IT department.....
     
  8. tomzak macrumors newbie

    Joined:
    Sep 12, 2008
    #8
    I believe (I may be wrong) this is a feature of Exchange 2007. So, if your company is still using Exchange 2003, the only option they have is to disable your mobile account. Again, I'm no expert on this...:D
     
  9. bdorpetzl macrumors regular

    bdorpetzl

    Joined:
    Jul 13, 2007
    Location:
    Port Washington, Wisconsin - Boats and Beer . . .
    #9
    In both Exchange 2003 and 2007 recipients who have a mobile device association are tagged as having a mobile device. In 2007, the Exchange Management Console allows the admin. to manage the mobile devices, which includes wiping the device.

    So if your iPhone is setup through ActiveSync, your IT guys should know that you have a mobile device association, especially if they are running Exchange 2007.

    Edit: Here is a pic from the Management Console mobile device manager.
     

    Attached Files:

  10. jaggunothing macrumors regular

    jaggunothing

    Joined:
    Jul 30, 2008
    Location:
    Bangalore, India
    #10
    Yes they can do a remote wipe and if they are smart enough, can find out you have added mobile device.

    If you have web access to your exchange server, you can find these under options>mobile devices, from this page you also have an access to delete the device association or wipe it out.

    As far as my understanding goes, even if Push is not activated, when a manual fetch is done, device will be wiped out, if the admin has instructed so in the exchange.
     
  11. kevin512 macrumors member

    kevin512

    Joined:
    Aug 19, 2008
    #11
    Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 2_1 like Mac OS X; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Mobile/5F136 Safari/525.20)

    Would they have access to your phone to see texts, contacts, other email, phone calls made/received, etc? Similar to a BB being hooked up to a BES?



    Like the OP, I just used my work owa url to add my work exchange email to my iPhone.
     
  12. jalen9827 macrumors newbie

    Joined:
    Sep 23, 2008
    #12
    Admins - do not have access to your sms, etc.,

    I could be wrong, but I have not found a way to gain access to sms, phone calls, etc., This is with either Exchange 2003 or 2007....
     
  13. bdorpetzl macrumors regular

    bdorpetzl

    Joined:
    Jul 13, 2007
    Location:
    Port Washington, Wisconsin - Boats and Beer . . .
    #13
    I admin my company's exchange box, I double checked, and you can't get phone logs or sms logs for devices. I believe it has to do with the relationship between the BES and BBs.
     
  14. GC2MajorTom macrumors newbie

    Joined:
    Jan 6, 2009
    #14
    There is a MobileAdmin app (see above screenshot) that can be installed for 2003 to allow a wipe (permanent if left active) on your iPhone. by permanent, if the setting is never changed or the iPhone deleted through this GUI, any time you try and reconnect the iPhone it will start the wipe process again, effectively making the iPhone useless for Exchange.

    As for finding your phone, I have a script (freely found on the WEB that will allow for scanning of all e-mail servers) for accounts that are using ActiveSync which will also identify the type of device used by the user.

    So to answer the original posters question, yes, you can be found out, and yes, they can set your device to wipe, and as mentioned above, pretty much forever so I would make regular backups of any personal data and info you would like to put back on it after it is wiped.
     
  15. GC2MajorTom macrumors newbie

    Joined:
    Jan 6, 2009
    #15
    Quick clarification, this is requried for Exchange 2003 if you want to be able to remote wipe AS devices. As already noted, 2007 has this function built in.
     
  16. ITGuy7400 macrumors newbie

    Joined:
    Jun 24, 2009
    #16
    If you set up your iPhone like a POP3 account, then you aren't having the Exchange server "push" email.

    And only way IT admins can wipe the phone is if you set it up using ActiveSync and to work with Exchange. If you set up email like a POP3/IMAP client, then no.
     

Share This Page