Establishing Digital Trust: Don't Sacrifice Security for Convenience
Last month, NPR ran a story that sounded too bizarre to be true. A woman, Amanda Stanton, was checking her iPhones GPS app when it abruptly went dark. It wasnt a crash or a buggy application. The phone had been sent a command by Stantons employer to remotely wipe itself and delete everything onboard.
The catch is this: The phone belonged to Stanton, not her employer, and she paid all the bills for it. And to her knowledge it had no software installed that would make a remote wipe possible.
And yet, it did. According to the NPR report, Stanton had configured her phone (or her IT department had) to work with her companys Microsoft Exchange server so she could get her work email on the road. And all it takes to wipe an iPhone clean or just about any other handset is a special email sent to the user in question.
None of this is any big secret. On its website, Microsoft (NASDAQ: MSFT) offers helpful step-by-step instructions on how to do this on a mobile phone, using three different methods. Even the most complicated method should take less than a minute to complete.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
While Stantons wipe was a simple mistake, there are all kinds of reasons why an IT department would want this kind of capability, and why Microsoft has obviously listened to its corporate customers demands for the feature.
No one seems to be able to count how many phones go missing every year in this country, but the numbers are undoubtedly in the millions or tens of millions. An old 2000 statistic said that 19 percent of households replaced a lost handset in the prior year, and thats unlikely to have gone down. In 2004, one Chicago cab company reported that it had found over 85,000 phones left behind by customers over a six-month period.
Making matters worse, cell phone security is often weak or nonexistent. Even if a phone is secured with a password (which in itself is rare), cracking into a handset is often a trivial affair.
With more and more business being transacted on the go, cell phones are now the weakest security link in many organizations. Your phone can probably access not just corporate email, but it also holds a plethora of phone numbers, text messages, and Web bookmarks. It may be loaded with company documents, or have access to those files somewhere in the cloud. And thats without even mentioning the embarrassing pictures from the company Christmas party. Who wouldnt want to be able to nuke all of this stuff remotely should a phone fall into the wrong hands?
And yet, the power of this feature is difficult to fully grasp. Again, the phone in the above case didnt belong to Stantons employer, but rather to her, and she hadnt been told that such wiping was possible. And, crucially, the wipe took with it not just the corporate content, but all of Stantons personal data too. Imagine if her home PC had been mistakenly wiped by a wayward message. Or if Stanton had been in a situation where she had to, you know, call somebody. In a world where airplane boarding passes are now routinely sent to phones instead of printers, the risk of physically stranding someone in a faraway land through an action like this is now palpably real.
Remote wipes are nothing new, of course. The iPhone added it as an option for MobileMe users concerned with handsets falling into the wrong hands with the 3.0 release of the OS.
Mainstream software like this has existed for PCs since at least the turn of the century, although for many years it was considered bad form to remotely wipe a PC. Perhaps the most notorious application along these lines was Back Orifice, a 1998 hacker-developed app that had reasonably good intentions allowing a user to remotely control a PC, including performing file management activities but which was immediately decried as malware by the security industry because it didnt display any signs that it was installed and running on a host PC. Today, remote-control software like LogMeIn takes great pains to indicate a remote user has taken control, and multiple levels of security are involved along the way. Even with that, many people are skittish about someone having that level of control from afar.
I had intended to end this column with a discussion for those concerned about remote wipe technology, talking about handsets that dont have some form of remote wipe capability. Surprisingly, those handsets dont appear to exist. While some manufacturers phones require more user intervention up front and may require a paid app to be installed just about any smartphone being managed by an IT department can be wiped clean without user involvement. The only exceptions: Dumb handsets that feature only rudimentary voice and text messaging features.
Meanwhile, if youre part of an IT department that wants to roll out remote wipe capability, its a good and perhaps essential practice to let your users know that this is part of your IT policy before they use their phone to access anything on the corporate network, including email. Thats doubly important if users are using their own equipment to do company work, and a written policy (like the one discussed in the original NPR story) is essential if youre going to be taking control of equipment you dont own. Putting safeguards on who has the keys to the remote wipe button makes good sense, too.
Christopher Null writes about technology extensively for Wired, PC World, and Maximum PC. He was the founder and Editor-in-Chief of Mobile PC magazine and spent four years blogging about tech daily for Yahoo! You can find his running commentary at chrisnull.com.
Keep up with mobile security news; follow eSecurityPlanet on Twitter: @eSecurityP.