IBM includes Siri on the list of apps it disables on its employees' iPhones. Public file-transfer services iCloud and Dropbox are also banned.
In common with many companies, IBM has adopted a "bring your own device" (BYOD) policy. So while IBM hands out BlackBerrys to around 40,000 of its 400,000 employees, a much larger number use other smart phones and tablets that belong to the individual workers rather than the company.
Allowing these personally owned devices access to internal IBM networks is a problem, as Jeanette Horan, IBM's CIO, who is responsible for the company's internal use of IT, admits in an interview published in Technology Review.
Horan says that when IBM surveyed several hundred employees using mobile devices, many were "blissfully unaware" of what popular apps could be security risks. Some were violating protocol by automatically forwarding their IBM e-mail to public Web mail services or even using their smart phones to create open Wi-Fi hotspots, potentially exposing data to snooping.
Now Horan's team has established guidelines about which apps IBM employees can use and which they should avoid. Public file-transfer services such as Dropbox and Apple iCloud are disallowed due to IBM fears that using such software could allow sensitive information to get loose.
In addition, before an employee's own device can be used to access IBM networks, the IT department configures it so that its memory can be erased remotely if it is lost or stolen. As part of the process IBM even turns off Siri, the voice-activated personal assistant, on employees' iPhones as the company worries that the spoken queries might be stored somewhere.
"We're just extraordinarily conservative," Horan says. "It's the nature of our business."
But is this security worry far-fetched? Probably not. In order for Siri to answer queries, they do have to be transcribed from voice to data. Apple's License Agreement includes "things you say will be recorded and sent to Apple in order to convert what you say into text" and adds that by using Siri on an iPhone 4S, you agree to "agents' transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services."
As far as the employees are concerned there's a problem. Many of those who buy an iPhone 4S have made this choice because of Siri - so to have it switched off must be galling.
This isn't just a problem for IBM. BYOD policies are widespread, and other company IT departments are likely to take similar draconian steps in the interests of security. But what if an employee wants to leave a company, or worse still gets fired by it? Will their personal software be restored? Will they be able to disable the corporate alternatives without losing personal data?
It seems that this Siri story isn't as amusing as some of the others we have run.