Results 1 to 20 of 20
  1. expidia's Avatar
    Posts
    190 Posts
    Global Posts
    740 Global Posts
       #1  
    My office says I can only use a Blackberry at this point in time because a Treo is not a secure device.

    I wonder how secure sending info back and forth with wireless sync is?
    Anyone have an answer to this?
    Palm III,V>6035>7135>650>700p (on Vzn), PalmBT Treo Hdset>i-Trek BT GPS>TomTom Nav6>755p
  2. #2  
    If I am not mistaken it is triple DES encrypted the same as Sprint's product. If so, I believe it is just as secure as blackberry.

    Oh, and it isn't routed through another country like all of blackberry's servers are.

    Verizon should have a security whitepaper somewhere on their site. I know Sprint does.
  3. #3  
    Wireless Sync forces you to put your entire Contacts database and calendar on a Verizon server, even if you only want to sync email, and there's no way to stop it. I wouldn't use it.
  4. expidia's Avatar
    Posts
    190 Posts
    Global Posts
    740 Global Posts
       #4  
    That's what I thought!
    Palm III,V>6035>7135>650>700p (on Vzn), PalmBT Treo Hdset>i-Trek BT GPS>TomTom Nav6>755p
  5. #5  
    <moved>
    V > Vx > m505 > m515 > T/T > T3 > TC > 650 > 680
    <script type="text/javascript" src="http://download.skype.com/share/skypebuttons/js/skypeCheck.js"></script>
    <a href="skype:wwgamble?call"><img src="http://mystatus.skype.com/balloon/wwgamble" style="border: none;" width="150" height="60" alt="My Skype status" /></a>
  6. #6  
    Wireless Sync is actually Intellisync Wireless E-Mail Express re-branded by Verizon. I don't know for sure, but I suspect your data might actually not be on Verizon servers at all but on Intellisync servers.
    Current: iPhone 3G
    Retired from active duty: Treo 800w, Sprint Touch, Mogul, Apache, Cingular Treo 650, HP iPaq 4350, T|T, M505 - Nokia 3650 - SE R520m, T610, T637, Moto P280, etc, etc...
  7. #7  
    Oh, and you might want to check out the Intellisync website for security info.
    Current: iPhone 3G
    Retired from active duty: Treo 800w, Sprint Touch, Mogul, Apache, Cingular Treo 650, HP iPaq 4350, T|T, M505 - Nokia 3650 - SE R520m, T610, T637, Moto P280, etc, etc...
  8. #8  
    and also remember that Wireless Sync has three flavors (other than a basic POP/IMAP client, which is not what I'm talking about below):

    They have two hosted models (where your data does reside on their servers - the same as the Blackberry hosted model, called BB Web Client, and now called BB Internet Service), and one server model (which also works just like the Blackberry Enterprise Server)
    The two hosted models:
    - personal version, where you leave your PC on and connected to your company's network. Not that secure.
    - departmental version, where one PC is connected to the network, and basically acts as a proxy for up to 25 or so users. It can be secure,, but again, since it's a hosted model, many IT folks don't dig it.
    Both of these models are free. No cost for the software.

    Their Server model works just like the BB Enterprise Server (BES). IT installs the Wireless Sync Server on a server behind the firewall, and it's just as secure as the BES that they love today. Full device management and remote kill/wipe,etc. In fact, Intellisync's device mgmt functions are rated by IDC as much higher than BES.

    All of these use AES and 3DES security, and the server version is completely blocked off from public access, etc - no data resides outside the DMZ. So - your IT guys don't know the whole picture. They <think> the Treo is not a secure device because they don't know what options are out there. Good and Intellisync make the Treo as secure as any BB device; probably moreso. But IT won't want to support another server, unless someone in power at your organization forces them to.
    Education - that's all it takes.
  9. expidia's Avatar
    Posts
    190 Posts
    Global Posts
    740 Global Posts
       #9  
    Thank you much for this in depth reply!
    Palm III,V>6035>7135>650>700p (on Vzn), PalmBT Treo Hdset>i-Trek BT GPS>TomTom Nav6>755p
  10. #10  
    Security on wireless devices is actually quite the study. Last year I wrote a paper for my university about Wireless Security. There are several points where your data is on foreign networks and is unencrypted. Bear in mind that most cellular providers rely on each other in areas with weak services. For example, T-Mobile customers may roam on to Cingular's data network. At several points the data is unencrypted. If anyone wants more info I have a 10 page paper on this and tons of links and resources.
  11. #11  
    If data is encrypted at the mobile device and decrypted at the destination, how is it possible that it would be unencrypted when roaming on a different network? That sounds impossible.
    Current: iPhone 3G
    Retired from active duty: Treo 800w, Sprint Touch, Mogul, Apache, Cingular Treo 650, HP iPaq 4350, T|T, M505 - Nokia 3650 - SE R520m, T610, T637, Moto P280, etc, etc...
  12. #12  
    Phurth at some points the data has to be decrypted when it moves from network to network. So at points the data is unencrypted (one site a vulnerability exists.) I really don't want to start a flame or anything here but it's stupid to believe anything is completley secure.

    I point you to this blog entry and the attached white papers about GPRS security. There are several points of vulnerability within current GPRS services. (I suggest reading GSM attacks and GSM Security powerpoint.) These are some great resources to start with.

    Never assume anything to be secure. NEVER EVER.
  13. #13  
  14. #14  
    Sorry to post again but.

    Look at your OSI Model - encryption should take place in the 2nd or 3rd layer. Not technically on the device itself. At the router level - different wireless providers use different technologies and different standards. Vulnerabilities exist when standards dont match. Consider how many hops data must take from a GPRS device to get to a server.
  15. #15  
    I'm certainly not interested in flaming... just learning. As you can see my assumption was that encryption ensured (reasonable) security. Now I'm questioning that assumption.

    Is the problem primarily with GSM/GPRS or are CDMA carriers vulnerable as well?

    EDIT: I think you just answered my question...
    Current: iPhone 3G
    Retired from active duty: Treo 800w, Sprint Touch, Mogul, Apache, Cingular Treo 650, HP iPaq 4350, T|T, M505 - Nokia 3650 - SE R520m, T610, T637, Moto P280, etc, etc...
  16. #16  
    Quote Originally Posted by wifigenius
    Sorry to post again but.

    Look at your OSI Model - encryption should take place in the 2nd or 3rd layer. Not technically on the device itself. At the router level - different wireless providers use different technologies and different standards. Vulnerabilities exist when standards dont match. Consider how many hops data must take from a GPRS device to get to a server.
    I doubt it takes place in the 2nd and 3rd layer more likely the 6th or 7th.
  17. #17  
    I looked at the OSI Model again. Layer 6 (Presentation layer) handles encryption.
    Sorry that was my mistake.

    I was thinking that some of the encryption would have to be handled at the router level. All apps (at least on my Treo) do not visibly show they are being encrypted before upload. For that reason I would assume network hardware in layers 2 and or 3 handled some of that encryption. Or securing of more common data, where the apps provide little or no encryption.
  18. #18  
    Quote Originally Posted by wifigenius
    I looked at the OSI Model again. Layer 6 (Presentation layer) handles encryption.
    Sorry that was my mistake.

    I was thinking that some of the encryption would have to be handled at the router level. All apps (at least on my Treo) do not visibly show they are being encrypted before upload. For that reason I would assume network hardware in layers 2 and or 3 handled some of that encryption. Or securing of more common data, where the apps provide little or no encryption.
    So where does this leave us with the security of encrypted data while roaming?
    Current: iPhone 3G
    Retired from active duty: Treo 800w, Sprint Touch, Mogul, Apache, Cingular Treo 650, HP iPaq 4350, T|T, M505 - Nokia 3650 - SE R520m, T610, T637, Moto P280, etc, etc...
  19. #19  
    Note - I removed Wireless Sync from my Treo and PC and now do HotSync only.

    I don't care how many layers of AES encryption or otherwise exist. I simply don't
    want my critical data stored anywhere except places where I have physical
    control.
  20. #20  
    Data is encrypted point to point. There should be no way or reason for a router (nor would you want a router to do such work) to decrypt information on the route. It would bog down the router for starters, and even if it did, that'd be cracking not run of the mill decryption.

    I have no idea if the data is even encrypted with a remote sync (can't even get it working on my powerbook). However, if it is encrypted, someone has to actually sniff your data and make an attempt at cracking it. It doesn't magically become clear in route.

Posting Permissions