View Single Post
Old 11-07-2007, 12:55 PM   #1 (permalink)
juwaack68
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default Media Card Encryption/Security via IT Policy

Please Login to Remove!

I am trying to set some security on media cards and have run into some odd behavior. I don't want to disable the media cards, just encrypt and secure the data in the event the device is lost/stolen/abducted by aliens.

Not sure if I've missed something or not....I wasn't able to find anything about this on the boards. We are running BES 4.1.4 MR2; Exchange 2003 SP2.

In my test IT Policy I have the 'External File System Encryption Level' set to "Encrypt to user-provided password; include multi-media directories". I then applied this policy to my Sprint 8830 (has a 4G Sandisk card).

Under Options / Media card the Encryption Mode changed to "Security Password", and Encrypt Media Card changed to "Yes". Neither one of these options can be changed on the device.

I put some additional media (.jpg's) on my card via Media Manager and noticed that the NEW files received a new extension of .ren. The OLD files (already existing) still had the .jpg extension.

I then took the media card out of my device and put it into another 8830. The other device prompted for a password in order to read the media card. Ok, good. He tried a wrong password and it wouldn't let him past the password prompt.

However, I then took that same device with my card in it and connected it to Desktop Manager. The user entered his password (on the PC) to complete the connection and opened Media Manager. At this point, no (correct) password had been entered on the device for the media card.

The files with the .ren were not able to be manipulated with Media Manager - He received a 'General Failure'. So far so good.

However, he was able to use Media Manager to acccess the OLD files from the media card, copy them to his PC, and open them (the ones with the .jpg). This is NOT good.

I'm currently on the phone with RIM to find out if there is a way to encrypt the EXISTING files on a media card so that I can implement this policy. If there is no way to do this, I fear our security director (the guy I was testing with) will want me to disable the media cards.

Any help would be appreciated, and I will post back after I talk more with RIM.
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline   Reply With Quote