Default title

MOBILE DEVICE WIPES

YOU HAVE LOST YOUR PHONE. TECH SUPPORT WIPES IT. YOU ARE DONE, RIGHT?

Having the ability to remote wipe a mobile device that has been lost is a lifesaver. You can simply click a few buttons on a management console and miles away that device, connected to your system magically forgets all of the confidential emails and passwords you have stored on it. Sounds perfect, doesn't it ?

THE DEEPER YOU LOOK INTO SECURITY, THE MORE YOU GROW CONCERNED ABOUT YOUR PRECONCEPTIONS OF IT

Even if a remote wipe reports as successful there is a high likelihood of data remnance. Just like our previous article on SSD drives there are major pieces of data left on most mobile devices after a wipe procedure. Because most wipe features are simply a delete action the data isn't actually removed, its only had its pointers removed. A delete process in most instances is simply the deletion of the pointers, or map if you will, to the data. This is not the same as the removal of the data itself and simple programs can restore those pointers and recover the data. Lock screens and codes do little to stop a USB cable from pulling off the desired data. This problem is especially prominent with the type of memory your phone has. This type of memory requires repeated overwrites to fully remove any remnance and most wipe applications are simply not built with that in mind.

HOW DO YOU SECURE YOUR PHONE

ENCRYPTION is an excellent for securing your phone storage. Ensuring you have proper encryption for your storage is extremely important. Another option is Third party Mobile Device Management Systems (MDM) like Mobile Iron will help. These are certainly are not cheap options and usability sometimes suffers but when it comes to protecting yourself from data risks and reducing your potential for identity theft one should always weigh the risks. When it comes to identity theft, a mobile phone is about as rich of a target as one can get. Having access to all your contacts, all your mail items, banking info and any stored application data including MS Office allows for unlimited options to the identity thief.

Talk to ALT8 about your mobile device security concerns. We would be happy to review your current policies and help you evaluate and understand your risks.

RECENT THREAT POSTS

- Nate Nelson
Link Found Connecting Chaos, Onyx and Yashma Ransomware
A slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names.
- Sagar Tiwari
Zoom Patches ‘Zero-Click’ RCE Bug
The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.
- Elizabeth Montalbano
Verizon Report: Ransomware, Human Error Among Top Security Risks
2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.
- Sagar Tiwari
Fronton IOT Botnet Packs Disinformation Punch
Fronton botnet has far more ability than launching DDOS attack, can track social media trends and launch suitable propaganda.
- Threatpost
Zero Trust for Data Helps Enterprises Detect, Respond and Recover from Breaches
Mohit Tiwari, CEO of Symmetry Systems, explores Zero Trust, data objects and the NIST framework for cloud and on-prem environments.
- Elizabeth Montalbano
Snake Keylogger Spreads Through Malicious PDFs
Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.
- Threatpost
Closing the Gap Between Application Security and Observability
Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell. 
- Elizabeth Montalbano
380K Kubernetes API Servers Exposed to Public Internet
More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.
- Elizabeth Montalbano
Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.
- Nate Nelson
DOJ Says Doctor is Malware Mastermind
The U.S. Department of Justice indicts middle-aged doctor, accusing him of being a malware mastermind.

Archives

Leave a Reply

Your email address will not be published.

2 × five =