Default title

MOBILE DEVICE WIPES

YOU HAVE LOST YOUR PHONE. TECH SUPPORT WIPES IT. YOU ARE DONE, RIGHT?

Having the ability to remote wipe a mobile device that has been lost is a lifesaver. You can simply click a few buttons on a management console and miles away that device, connected to your system magically forgets all of the confidential emails and passwords you have stored on it. Sounds perfect, doesn't it ?

THE DEEPER YOU LOOK INTO SECURITY, THE MORE YOU GROW CONCERNED ABOUT YOUR PRECONCEPTIONS OF IT

Even if a remote wipe reports as successful there is a high likelihood of data remnance. Just like our previous article on SSD drives there are major pieces of data left on most mobile devices after a wipe procedure. Because most wipe features are simply a delete action the data isn't actually removed, its only had its pointers removed. A delete process in most instances is simply the deletion of the pointers, or map if you will, to the data. This is not the same as the removal of the data itself and simple programs can restore those pointers and recover the data. Lock screens and codes do little to stop a USB cable from pulling off the desired data. This problem is especially prominent with the type of memory your phone has. This type of memory requires repeated overwrites to fully remove any remnance and most wipe applications are simply not built with that in mind.

HOW DO YOU SECURE YOUR PHONE

ENCRYPTION is an excellent for securing your phone storage. Ensuring you have proper encryption for your storage is extremely important. Another option is Third party Mobile Device Management Systems (MDM) like Mobile Iron will help. These are certainly are not cheap options and usability sometimes suffers but when it comes to protecting yourself from data risks and reducing your potential for identity theft one should always weigh the risks. When it comes to identity theft, a mobile phone is about as rich of a target as one can get. Having access to all your contacts, all your mail items, banking info and any stored application data including MS Office allows for unlimited options to the identity thief.

Talk to ALT8 about your mobile device security concerns. We would be happy to review your current policies and help you evaluate and understand your risks.

RECENT THREAT POSTS

- Nate Nelson
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
- Nate Nelson
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- Nate Nelson
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- Nate Nelson
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- Nate Nelson
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
- Threatpost
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
- Threatpost
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
- Nate Nelson
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
- Elizabeth Montalbano
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
- Elizabeth Montalbano
Google Patches Chrome’s Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

Archives

Leave a Reply

Your email address will not be published. Required fields are marked *