Australia OKs iOS for classified comms

Spooks get guide on 'hardening' iPhones, iPads

16 Reg comments Got Tips?

Australia's Defence Signals Directorate, an agency charged with collecting signals intelligence and educating the rest of the government about security, has green-lit Apple's iOS for use in “classified Australian government communications”.

The decision doesn't mean spooks can nip out to a phone shop and start chattering away on the iDevice of their dreams. Instead they'll need to adhere to a 'Hardening Guide' [PDF] that insists on iOS 5.1 or later and also offers lots of rules to make sure Apple's devices are used safely.

Those rules include a provision that passwords must include alphanumeric characters and that users should be forced to change passwords every 90 days. Devices should be auto-wiped after five failed log-on attempts. A SIM PIN is recommended and and encrypted backups are a must.

Disabling installation of apps is recommended for workers who access “Protected” information. Three grades of security higher than Protected – Confidential, Secret and Top Secret – aren't considered suitable for access with an iDevice.

WiFi access is allowed, but only with “WPA2 Authentication with EAP-TLS and a pre-shared key as minimum,” but with a preference for RADIUS or 802.1x. “Ask to join networks” should be turned off, to prevent iDevices connecting to unknown WiFi.

The guide mentions jailbroken devices and unsurprisingly says “Administrators should not allow employee owned jailbroken iOS devices to be provisioned on the corporate network.”

Interestingly, the guide also includes sample scripts for the iPhone Configuration Utility, an Apple product the Directorate recommends as suitable for managing fleets of iDevices in Australian government agencies. ®


Keep Reading

Homeland Security demands a 911 for reporting security holes in federal networks: 'Vulns in internet systems cause real-world impacts'

Great – and who will be the first responders?

The seven deadly sins letting hackers hijack America's govt networks: These unpatched bugs leave systems open

'Unauthorized access to elections support systems' detected tho 'no evidence to date that integrity of elections data has been compromised'

'iOS security is f**ked' says exploit broker Zerodium: Prices crash for taking a bite out of Apple's core tech

Million-dollar payouts zero out as hackers follow the money en masse

DevOps to DevOops: Docker Hub proves so secure that 430 Docker images out of 2,500 have no vulnerabilities

As for the rest, you're on your own

This week of never-ending security updates continue. Now Apple emits dozens of fixes for iOS, macOS, etc

Make sure your iThing installs these patches

Readers of a certain age will remember GPRS: Old insecure tech from turn of millennium still haunts 5G networks

Positive Technologies analysts less than positive about GTP

Five bag $300,000 in bug bounties after finding 55 security holes in Apple's web apps, IT infrastructure

Unpatched Cisco VPN servers, access to the iOS source code, AWS secret keys – this is weapons grade 'oof'

USA decides to cleanse local networks of anything Chinese under new five-point national data security plan

‘Clean Network’ initiative bans use of Chinese clouds, names Alibaba, Baidu, and Tencent as compromised

Biting the hand that feeds IT © 1998–2020