Where is the encryption, Steve?

Discussion in 'iPhone' started by pocketdoc, Apr 5, 2009.

  1. pocketdoc macrumors 6502a

    Joined:
    Apr 15, 2008
    #1
    I love my iPhone. Let's get that out there right now.

    HOWEVER, being a physician, encryption is VERY necessary when viewing or transferring patient information. It is required by law (HIPAA).

    Microsoft and RIM have long encrypted their devices. Why hasn't Apple? I know there must be a good reason for this, but if Steve wants to penetrate the medical field as well as corporations, encryption needs to be addressed.

    I see no mention of this in 3.0. Am I wrong?

    Anyone know if encryption is coming?
     
  2. goodcow macrumors 6502a

    Joined:
    Aug 4, 2007
  3. LinMac macrumors 65816

    Joined:
    Oct 28, 2007
    #3
    The OP means full device encryption the way Blackberry and Windows Mobile encrypt the device with virtually no way to get data off of the device without the passcode.
     
  4. musio macrumors 68020

    musio

    Joined:
    Jun 2, 2008
    #4
  5. Night Spring macrumors G5

    Night Spring

    Joined:
    Jul 17, 2008
    #5
    There's been many threads asking how to get data off a pass-code locked iPhone, and the answer always has been that it's impossible unless you are the legitimate owner of the iphone and have the computer it regularly syncs with. How exactly is the blackberry or winmo more secure than that?
     
  6. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #6
    That answer isn't really fully correct... it's correct in the sense that a user can't get their information back off the phone in a usable format, but not in the sense that the information could not be viewed at all. If the phone is jailbreaked already (worse case scenario, although one probably ought not be jailbreaking a device they wish to be HIPAA compliant), then can someone who got it not SSH onto it, copy files off it, and then extract sensitive information from the files?

    Were it not jailbreaked, I believe there are enough exploits to allow jailbreaking it even with the password intact, although I'm less sure about this.

    But I don't think, so far, Apple really promised encryption. It'll be interesting to see if/when they get around to adding it.

    FWIW, I think Apple's implicit argument is that the fact that it has a remote wipe feature essentially complies with HIPAA requirements. I'm not endorsing that view, just making an observation.
     
  7. pocketdoc thread starter macrumors 6502a

    Joined:
    Apr 15, 2008
    #7
    The problem for me (and others) is primarily with SMS messages. We send messages to one another and through our office about patients. The iPhone is not encrypted, and there is only one jailbroken app that solves this problem.

    As already stated, MS and BB are already encrypted.
     
  8. Aaleck macrumors 6502a

    Aaleck

    Joined:
    Oct 11, 2007
    Location:
    Michigan, USA
    #8
    Nope, haven't heard of anything... unless it's already there and Apple hasn't told anyone?
     
  9. themiracle macrumors regular

    Joined:
    May 7, 2007
    #9
    I mean I'm almost positive that you can drop the phone into DFU mode and jailbreak it with SSH installed and be good to go from there. Stuff like Notes and SMS are basically unencrypted databases that can be read back fairly easily when pulled off the phone. There might even be a way to pull off the passcode lock somewhere in the filesystem.
     
  10. firewood macrumors 604

    Joined:
    Jul 29, 2003
    Location:
    Silicon Valley
    #10
    With a berry, even if you take apart the phone and desolder/remove the flash chips from the circuit board, you still can't easily read the unencrypted data from the chips. With an iPhone, all you might need is a well equipped engineering and/or forensics lab, and the manufacturers data sheet for the flash memory chips.

    ymmv.
     
  11. firewood macrumors 604

    Joined:
    Jul 29, 2003
    Location:
    Silicon Valley
    #11
    That might already be a HIPPA violation. SMS messages are sent in plain text on known radio channels, not encrypted, and can be eavesdropped by modified radio test equipment.

    But IANAL.
     
  12. kAoTiX macrumors 6502

    kAoTiX

    Joined:
    Oct 14, 2008
    Location:
    Midlands, UK
    #12
    I also agree that there should be some kind of encryption available, not only for text messages but for paritions on the iPhone flash memory itself. It's layout is similar to unix and therefore should be able to support encrypted partitions.

    To say that you transfer patient details via text is actually worrying and somewhat strange.

    One thing I would like to see is the integration of PGP for e-mails built into the e-mail client.
    Additional to that, actual proxy support/SSH tunneling for connections such as mail and web. I use an encrypted proxy tunnel for most of my web communications due to the nature of my business and find it to be both secure and easy to use.
     
  13. pocketdoc thread starter macrumors 6502a

    Joined:
    Apr 15, 2008
    #13
    Transferring patient information via cell phones is not "worrisome". I do not do it on the iPhone because IT IS NOT AN ENCRYPTED DEVICE. I love my iPhone and think it is an amazing phone. However...

    I HAVE done it in the past with Blackberry and Windows Mobile devices, because the information transmitted is ENCRYPTED by the sender and the devices.

    Having the phone password protected to GET INTO the phone is nice, but the problem is with transferring the information from device to device. Everything is encrypted up until it reaches the iPhone. That is where the encryption stops.

    I don't know how to make this any clearer.

    Again, if Apple wants to penetrate the medical and exec. world, they should encrypt their devices.

    That's all from me. I am getting down form my soapbox now. :)
     
  14. kdarling macrumors demi-god

    kdarling

    Joined:
    Jun 9, 2007
    Location:
    Cabin by a lake with snow softly falling
    #14
    Other phones have encrypted SMS clients available. The iPhone doesn't because developers are not allowed to write SMS apps like you can on every other major phone OS.
     
  15. crazzyeddie macrumors 68030

    crazzyeddie

    Joined:
    Dec 7, 2002
    Location:
    Florida, USA
    #15
    SMS is NOT encrypted when sent over the carriers' networks. The only way BB communication is encrypted is when it is routed through a BES, which is essentially encrypted email, which the iPhone does as well.
     
  16. Cromulent macrumors 603

    Cromulent

    Joined:
    Oct 2, 2006
    Location:
    The Land of Hope and Glory
    #16
    SMS messages are not a secure means to send data between phones.
     
  17. pocketdoc thread starter macrumors 6502a

    Joined:
    Apr 15, 2008
    #17
    I stand corrected.

    If our office sends a message via secure Email and it arrives as an SMS, is that still interceptable?

    Not sure how HIPAA can be applied to cellular devices...

    I did see an app on Cydia that encrypts messages, but have not tried it.
     
  18. spikedfo macrumors regular

    Joined:
    Oct 29, 2008
  19. firewood macrumors 604

    Joined:
    Jul 29, 2003
    Location:
    Silicon Valley
    #19
    Can you receive that SMS on a stock iPhone or regular non-smart cell phone?
     
  20. megamanbnmaster macrumors 6502

    Joined:
    Jan 26, 2008
    #20
    I'm not sure about the whole SSH thing, but if you change the password for SSH from alpine to something else, is there really a way (short of a restore) to SSH into a phone without the required password?

    Also, encryption has never been the case. Once it hits the AT&T server, the encryption goes bye bye. You're better off sending emails to each other as they're mostly 256k encrypted.
     
  21. Night Spring macrumors G5

    Night Spring

    Joined:
    Jul 17, 2008
    #21
    Programs like DiskAid and iPhoneBrowser let you browse a jailbroken phone's file system without requiring password for access.
     
  22. kAoTiX macrumors 6502

    kAoTiX

    Joined:
    Oct 14, 2008
    Location:
    Midlands, UK
    #22
    I think some of you guys are missing the process behind encrypted messages, namely SMS or e-mails.
    You're saying that when it hits a carrier its decrypted. Are you crazy?
    If something is encrypted, it is encrypted using some kind of key. This key is not known by a carrier and therefore they cannot decrypt the data when they receive it.
    The phone on the other end of the SMS has the key to decrypt it, which happens on the device itself.

    This is not on the iPhone currently so it is a little off-topic.
    As a software developer, the means of encryption on non-encrypted networks is something I have done for clients in the past. I have made, and personally use an MSN encryption library that encrypts text sent over msn between compatible clients. This encrypts only the body of the message and none of the headers, thus causing it to be completely compatible with Microsofts network yet there is no way they can decrypt it unless they have your key. In my case I use PGP and my key was not transfered over an unencrypted network to begin with so again, only the intended receipient has the key.

    I have only recently begun programming for the iPhone but I would seriously consider making a 3rd party app to support encrypted SMS/Mail. If anyone would be interested in such an app then please let me know and we can work together to map out what would be needed.
     
  23. retroneo macrumors 6502a

    Joined:
    Apr 22, 2005
    #23
    No, SMS messages are encrypted over the air using A5/3 (KASUMI)
     
  24. ppc750fx macrumors 65816

    Joined:
    Aug 20, 2008
    #24
    The iPhone doesn't support S/MIME either, which is a bit of a surprise given Mail.app's stellar support for it...
     
  25. shabbado macrumors member

    shabbado

    Joined:
    Apr 10, 2009
    Location:
    Las Vegas
    #25
    I doubt encryption is coming due to the International laws on encryption and iPhone apps being sold outside of the U.S.
     

Share This Page