Jay Sartori, a security analyst from NetworkWorld.com, has written an article on the security of the latest version of the iPhone OS and has found it pretty lacking.
Complaining of “the false sense of security delivered through Apple’s marketing of iPhone features for the enterprise”, he notes 3 flaws in how the iPhone interacts with Exchange server password policies.
The first is that the iPhone does not handle EAS Policies as expected, with users being able to arbitrarily increase the time-out before the device password locks, despite policies sent out by network admins.
The next is that the passcode prompt reveals too much information about the nature of the password, making it easy for attackers to see when you are using a simple 4-digit numerical password, and therefore revealing there are only 10 000 possible codes (and the first 2 are probably 19__).
The last is that once you realize your simple 4-digit numerical password is insecure, the iPhone software makes it impossible to upgrade your password to a longer, more complex password, locking you into using just another 4-digit password.
While commending the device on its usability, he maintains “unfortunately, the security features are not quite ready for the enterprise and contain various bugs.”