Default title

MOBILE DEVICE WIPES

YOU HAVE LOST YOUR PHONE. TECH SUPPORT WIPES IT. YOU ARE DONE, RIGHT?

Having the ability to remote wipe a mobile device that has been lost is a lifesaver. You can simply click a few buttons on a management console and miles away that device, connected to your system magically forgets all of the confidential emails and passwords you have stored on it. Sounds perfect, doesn't it ?

THE DEEPER YOU LOOK INTO SECURITY, THE MORE YOU GROW CONCERNED ABOUT YOUR PRECONCEPTIONS OF IT

Even if a remote wipe reports as successful there is a high likelihood of data remnance. Just like our previous article on SSD drives there are major pieces of data left on most mobile devices after a wipe procedure. Because most wipe features are simply a delete action the data isn't actually removed, its only had its pointers removed. A delete process in most instances is simply the deletion of the pointers, or map if you will, to the data. This is not the same as the removal of the data itself and simple programs can restore those pointers and recover the data. Lock screens and codes do little to stop a USB cable from pulling off the desired data. This problem is especially prominent with the type of memory your phone has. This type of memory requires repeated overwrites to fully remove any remnance and most wipe applications are simply not built with that in mind.

HOW DO YOU SECURE YOUR PHONE

ENCRYPTION is an excellent for securing your phone storage. Ensuring you have proper encryption for your storage is extremely important. Another option is Third party Mobile Device Management Systems (MDM) like Mobile Iron will help. These are certainly are not cheap options and usability sometimes suffers but when it comes to protecting yourself from data risks and reducing your potential for identity theft one should always weigh the risks. When it comes to identity theft, a mobile phone is about as rich of a target as one can get. Having access to all your contacts, all your mail items, banking info and any stored application data including MS Office allows for unlimited options to the identity thief.

Talk to ALT8 about your mobile device security concerns. We would be happy to review your current policies and help you evaluate and understand your risks.

RECENT THREAT POSTS

- Chris Calvert
Making Sense of the Security Sensor Landscape
Chris Calvert of Respond Software (now part of FireEye) outlines the challenges that reduce the efficacy of network security sensors.
- Tom Spring
High-Severity Chrome Bugs Allow Browser Hacks
Desktop versions of the browser received a total of eight fixes, half rated high-severity.
- Tara Seals
Novel Online Shopping Malware Hides in Social-Media Buttons
The skimmer steals credit-card data, using steganography to hide in plain sight in seemingly benign images.
- Tara Seals
VMware Rolls a Fix for Formerly Critical Zero-Day Bug
VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to "important."
- Elizabeth Montalbano
Vancouver Metro Disrupted by Egregor Ransomware
The attack, which prevented Translink users from using their metro cards or buying tickets at kiosks, is the second from the prolific threat group just this week.
- Tara Seals
Kmart, Latest Victim of Egregor Ransomware – Report
The struggling retailer's back-end services have been impacted, according to a report, just in time for the holidays.
- Tara Seals
TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions
A new "TrickBoot" module scans for vulnerable firmware and has the ability to read, write and erase it on devices.
- Tara Seals
DeathStalker APT Spices Things Up with PowerPepper Malware
A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation.
- Threatpost
Reverse Engineering Tools: Evaluating the True Cost
Breaking down the true cost of software tools in the context of reverse engineering and debugging may not be as clear-cut as it appears.
- Lindsey O'Donnell
Cyberattacks Target COVID-19 Vaccine ‘Cold-Chain’ Orgs
Cybercriminals try to steal the credentials of top companies associated with the COVID-19 vaccine supply chain in an espionage effort.

Archives

One thought on “Default title”

Leave a Reply

Your email address will not be published. Required fields are marked *

1 × 5 =