Secure at Hand? The Pre and Security
With all the coverage of President Obama's efforts to keep his BlackBerry after being elected, as well as the almost daily reports of data breaches (including from lost smartphones and laptops), the issue of security and smartphones is an important one. It's not just politicians with national security clearance either; most users have something they might want to keep away from unwelcome eyes, and those of us with formal obligations of confidentiality (attorneys, doctors, etc.) must be sure that our smartphones won't cause us to break those rules.
So where does the Pre fall in terms of security? In considering security and privacy issues related to any smartphone, there are a number of areas on which to focus, including:
- Operating system
- Transmission and interception
- Phone data
Let's take those in turn.
Operating System
The Pre's WebOS is built on the open-source Linux operating system, upon which Palm has overlaid the Mojo framework. Linux itself is considered fairly secure from casual intrusion, both because its open-source nature means that many developers have examined and patched any holes, and because it is less common than OSes such as Windows (and therefore less frequently the target of malicious hackers, who want to maximize the number of potential victims). For that matter, open-source advocates will suggest that Linux is even more secure than other flavors of Unix (including the closed-source version underlying the iPhone's OS X), because so many have been able to explore its potential problems. (Those seeking a more detailed discussion of Linux security might be interested in this document from Kevin Fenzi.) Through Mojo, Palm has placed a layer between developers (both legitimate and malicious) and the operating system, as shown in this excerpt from the O'Reilly WebOS development book, minimizing the opportunity for trojan-horse applications to manipulate the operating system. While there is perhaps the potential for malicious scripts to run in WebOS (as discussed in this thread), it's highly unlikely that an ordinary user would take all the steps necessary to make it possible.
Transmission and interception
The Pre utilizes two different data transmission technologies: Wi-Fi and cellular networks like Sprint's EVDO Rev. 1 technology. The two have different security issues. The Pre's Wi-Fi may be completely unsecured (utilizing open networks), or encrypted using a variety of standard methods (WPA-personal, WEP or Enterprise). Even the lowest-strength encryption, WEP, is likely immune from casual interception, while the Pre's communication over an open network can be easily intercepted using a packet sniffer. On the cellular side, technologies like EVDO are much more secure than older analog cell networks, and are generally not subject to interception.
Even if one is using an open Wi-Fi network, though, it doesn't mean that an intercepted communication can be understood and used, because the actual content can be encrypted. On the e-mail side, most of the protocols supported by the Pre (e.g. Exchange ActiveSync, IMAP) support encryption independent of what network is being used, and Web-based e-mail and e-commerce generally offer SSL-encrypted browsing sessions. Beyond that, you would need to verify how each individual application does (or does not) encrypt its communications between the Pre and the remote resource, in order to judge security.
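One way to check a mail application on your own device, as an added example that is not part of the original article: the function below reads the printable lines of an IMAP session you captured yourself on an open network and reports whether the login was sent before the connection was upgraded with STARTTLS. The session lines, account name and function names are constructed for illustration.

```python
import re

# Constructed sample: printable lines recovered from a capture of one IMAP
# session (port 143) on an open Wi-Fi network. "C:"/"S:" mark the sender.
CLEARTEXT_SESSION = [
    "S: * OK IMAP4rev1 ready",
    "C: a1 CAPABILITY",
    "S: * CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN",
    "S: a1 OK done",
    "C: a2 LOGIN alice@example.com hunter2",
    "S: a2 OK logged in",
]
UPGRADED_SESSION = [
    "S: * OK IMAP4rev1 ready",
    "C: a1 STARTTLS",
    "S: a1 OK begin TLS negotiation",
    # everything after this point is TLS records, not readable lines
]

AUTH_CMD = re.compile(r"^C: (\S+) (LOGIN|AUTHENTICATE)\b", re.I)
STARTTLS_CMD = re.compile(r"^C: (\S+) STARTTLS\s*$", re.I)

def audit_imap_capture(lines):
    """Return findings for the readable part of a captured IMAP session."""
    findings = {"starttls_offered": False, "tls_started": False,
                "cleartext_auth": []}
    pending_tag = None  # tag of a STARTTLS command awaiting the server's OK
    for line in lines:
        upper = line.upper()
        if line.startswith("S:") and "CAPABILITY" in upper and "STARTTLS" in upper:
            findings["starttls_offered"] = True
        m = STARTTLS_CMD.match(line)
        if m:
            pending_tag = m.group(1)
            continue
        if pending_tag and upper.startswith(f"S: {pending_tag} OK".upper()):
            findings["tls_started"] = True
            break  # the rest of the stream is encrypted
        m = AUTH_CMD.match(line)
        if m:
            # A readable auth command means credentials crossed in the clear.
            findings["cleartext_auth"].append(m.group(2).upper())
    return findings

def exposed(lines):
    """True if credentials crossed the network in readable form."""
    return bool(audit_imap_capture(lines)["cleartext_auth"])
```

A session on the implicit-TLS port (993) shows no readable lines at all, so an empty input also reports no exposure.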
Data security
Here, the burden is on the user, since the easiest way to steal data stored on a Pre is to steal the Pre itself. While the Pre offers the ability to lock the screen with a PIN or password, if users fail to enable that feature, anyone who grabs the Pre can access everything on it. (The PIN is also required after resetting or powering off the Pre and will block enabling USB mode, aiding in protection.) While using a PIN or password can be inconvenient for the owner, it's a lot more inconvenient for the thief. Further, using difficult-to-guess passwords for both the Pre and the online profile is a simple and smart technique to help secure your data.
Two caveats to be aware of: If you have Developer Mode set to On, the Pre can be accessed via a terminal program even when the PIN has not been entered, unless you have taken additional steps to add an OS password; you may wish to read through the WebOS Internals article on setting up a non-privileged user here. The second caveat is that setting a PIN is merely a password gateway; the data itself on the Pre is not encrypted.
What if the Pre is stolen? First, there is the automatic backup (which, by the way, is itself encrypted, according to Palm), so the authorized user (who knows the password, of course) can restore the data to a new device. Next, you can use the online gateway to your Palm Profile to remotely wipe your Pre, although it's not instantaneous and requires your Pre to be able to receive a cell signal, as Palm says:
The erase device command is sent via SMS and must be received by an activated phone within 24 hours. Wireless coverage area only. Requires data services at additional cost. Erase does not deactivate your phone from your carrier's network - contact your carrier.
If you use Exchange ActiveSync, WebOS 1.1 included an update that allows your system administrator to send a Remote Wipe command, assuming that feature is enabled on the server side. That command, though, will only erase the Exchange data stored in apps like Calendar and E-mail, and not any other data you may have on your Pre.
As for USB mode, once it's enabled, it represents a significant potential security risk, since an easily-available microUSB plug turns your Pre into the equivalent of a thumb drive, ready for anyone to connect and copy/modify/delete your stored files. There is currently no way to encrypt the stored data on the Pre itself, while still retaining the ability to access the data. (One possible exception: if you are using Classic, there may be PalmOS file-encryption software you can run, but only for the information stored within the Classic PalmOS memory partition, which is separated from the rest of the Pre's memory.)
You can, however, encrypt any outside data you are storing on your Pre as an external drive, using open-source tools like TrueCrypt to encrypt the files and folders you carry with you (and you can even place the TrueCrypt software on the drive, so you yourself can access them with the appropriate passwords wherever you find a convenient computer with which to connect). You will not be able, though, to access the TrueCrypt-protected data through WebOS itself, at least for now. (It's entirely possible, given that WebOS is Linux-based, that someone may be able to port the TrueCrypt software to the Pre, which would be a huge step forward in security for the device.)
One other thought: given that no security is perfect, if you have information whose disclosure would cause serious problems for you or someone else, don't keep it on your Pre, or travel around with it at all for that matter, regardless of any encryption or PINs. It's too easy to accidentally e-mail a file to the wrong person, or be watched by a keen-eyed "shoulder surfer" as you read that sensitive e-mail. Plus, no matter how strong the security, once a hacker has physical access to any computer and can prevent a remote wipe - be it a desktop, a BlackBerry, or a Pre - it's only a matter of time and skill before your data is revealed.
Would President Obama be able to use a Pre instead of his ultra-secure BlackBerry for those Eyes Only Top Secret communiques? At this point, probably not. For the rest of us, though, the Pre's technologies and software do provide a reasonable amount of security for both the operating system and the software and data on the device...if we take the time and care to use them correctly.
(FYI: If you'd like to read more about smartphone security and other risks, you can download my free e-booklet, Shooting From the Hip: Managing the Risks of Portable Computing and Smartphones in Your Business, here.)



















