Security related to mobile devices

You may be an IT administrator or just the person in charge of helping your users (or friends for that matter) configure iPhones.  Setting up an iPhone is not hard once you have tried it once or twice, but it is still time consuming and, let's face it, not very fun. Imagine that you had a piece of software in which you could prepare the configuration and then just sms the configuration to anyone.  Well, it is almost as easy as that 🙂  and best of all, I will show you how 😀

What you need is the “iPhone configuration utility” from Apple, you will find it here;

Now you install this and are set to go. With this software you can create configurations for the iPhone (or iPad), and by connecting the device to your machine you can transfer the settings directly. This is easy enough, but as mentioned you can do even better – you can send the configuration over the internet. The latter however requires a web-server and maybe a little more skill than the average home user has.

Anyhow, if you are an IT administrator etc. and need to set up a lot of iPhones, then this is interesting for you.  You create a configuration with “iPhone configuration utility” and upload this to a web-server, eg. as and now you can just sms the link to this page/file to new employees or BYOD “bring your own device” users.  One word of caution though: if you publish your config this way you MUST omit ANY sensitive information like email, domain name, username and passwords. This is not a problem, because any information not entered will just be prompted for – so if you omit the username and password, the user will be prompted for these when installing the configuration (information like this is likely known by the user, or could be included in the sms).  That some outside user may be able to read what mailserver you use is not really a problem, since this information is already public knowledge via eg. NSLOOKUP – so there is really no security issue with this unless you include passwords etc., which you should avoid as mentioned.

The settings set this way are entered into the phone as a “Profile”. You can configure whether this “Profile” can be removed “Anytime”, “Via Password” or “Never” (never means that you need to reset the device to remove it). If you remove the “Profile” it will also remove all data related to the profile (eg. if email settings were part of a profile, it will also remove the emails as part of the removal – but if you set up additional emails manually these will be left alone).

What can you configure;
Almost anything, just to mention a few things; Email, VPN, WiFi, Policies (you can enforce password etc. etc.).

See my walkthrough here for more details etc;


If you upload the configuration to a webserver, you may need to set the MIME type, and remember to NOT change the extension of the file (.mobileconfig).
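A check you can run on a profile before uploading it, to confirm that usernames, email addresses and passwords were left out as advised above. This is an added example, not part of the original post or of Apple's tooling; it assumes the profile was exported unsigned (a plain plist), and the key list is an illustrative, non-exhaustive selection of Apple payload keys.

```python
import plistlib

# Assumption: an illustrative (not exhaustive) set of Apple payload keys that
# carry account data in mail, Exchange, Wi-Fi and VPN payloads.
SENSITIVE_KEYS = {
    "Password", "IncomingPassword", "OutgoingPassword", "AuthPassword",
    "SharedSecret", "UserName", "AuthName", "EmailAddress",
    "IncomingMailServerUsername", "OutgoingMailServerUsername",
}

def find_sensitive(node, path=""):
    """Return the paths of sensitive keys that have a non-empty value."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            if key in SENSITIVE_KEYS and value:
                hits.append(here)
            hits.extend(find_sensitive(value, here))  # VPN settings are nested
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_sensitive(item, f"{path}[{i}]"))
    return hits

def lint_profile(data: bytes):
    """Parse an unsigned .mobileconfig and list what must be removed."""
    return find_sensitive(plistlib.loads(data))

def sample_profile(with_secrets: bool) -> bytes:
    """Constructed sample profile (hypothetical hosts and values)."""
    mail = {"PayloadType": "com.apple.mail.managed",
            "IncomingMailServerHostName": "mail.example.com"}
    wifi = {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "Office"}
    if with_secrets:
        mail.update({"EmailAddress": "user@example.com",
                     "IncomingMailServerUsername": "user",
                     "IncomingPassword": "constructed-secret"})
        wifi["Password"] = "constructed-psk"
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [mail, wifi]})

if __name__ == "__main__":
    for flag in (True, False):
        found = lint_profile(sample_profile(flag))
        print("OK to publish" if not found else f"Remove before upload: {found}")
```

To check a real export, pass the file's bytes to `lint_profile`, e.g. `lint_profile(open(path, "rb").read())`.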

Should you ever see a device like the one below then your mobile devices may be close to losing their virginity 🙁

Police and Homeland Security in the USA have obtained devices like this that allow them to clone/extract ALL data from your cellphone/pda/ipod/ipad/iphone etc in minutes, it does not even matter that you erased data this device will get ANYTHING “sector by sector”….  some states even allow this device to be used during routine traffic stops..  My fear as an EU citizen is that if I at some time wish to travel to the USA, then I may be met by a Homeland Security officer at the border with a device like this in his hand..  Not that I have anything to hide, but the idea that someone else will have FULL access to my very private data is VERY disturbing to me..

Read more here;

As an addition to my previous post about the “Gemini” Android virus, here is a link to a supposedly free Android Antivirus software.

Please note, I have not checked this out personally yet so I cannot vouch for it nor its effectiveness; however, it seems legit and professional (it is released by the folks that published news about the “Gemini” Trojan).

UPDATE; I installed the software and ran a few basic tests, it seems to function as advertised. Sadly I did not succeed in downloading the eicar test virus file so I could verify the antivirus part of the software 😐  but it does indeed scan new software installed on the phone, and the locate phone also works as advertised.