04-12-2006, 06:20 PM
|
|
Contributing Editor
Join Date: Aug 2006
Posts: 5,160
|
|
Security Fears Hamper Mobile Devices
"Around 60 percent of businesses are shying away from deploying mobile devices primarily due to security concerns, a new survey says. Expense and complexity also hampered moves toward mobile computing, according to the survey, conducted by the Economist Intelligence Unit and commissioned by security vendor Symantec. Executives at 240 organizations worldwide were interviewed. One in five organizations said they have sustained financial losses due to attack on mobile data platforms. Businesses also said they rated threats from viruses as the same or greater on mobile devices than on a fixed network. But only 10 percent of respondents have created a comprehensive security architecture to include mobile devices, the survey said."
This is why the remote wipe feature provided by the Microsoft Messaging and Security Feature Pack for Windows Mobile 5.0 is so important for the enterprise customers and concerned consumers.
|
| |
|
|
|
04-12-2006, 06:36 PM
|
|
Ponderer
Join Date: Nov 2004
Posts: 72
|
|
There are a couple of problems with Remote Wipe that come to mind:
- Remote Wipe via MSFP only wipes the device memory. It does not wipe the memory of any memory cards present in the device
- Remote Wipe does not work if the device has been disconnected from the carrier
While remote wipe is a great feature, it is but one of many tools a company should use to protect it's mobile data.
|
| |
|
|
|
04-12-2006, 07:34 PM
|
|
Editor Emeritus
Join Date: Aug 2006
Posts: 11,180
|
|
True, but that's better than the options we had before. 
Personally, the biggest issue I have with remote wipe is that it doesn't re-lock the device after wipe. So the theif has a brand new unlocked Windows Mobile device. It should wipe the device and then lock it with an administator set password. A message should then be displayed about how the device can be returned to the rightful owner. Right now, I can see people grabbing devices and just waiting for it to get wiped. Then they have a new perfectly useable device.
__________________
"I have no special talents, I am only passionately curious" - Albert Einstein |
| |
|
|
|
04-12-2006, 10:18 PM
|
|
Ponderer
Join Date: Nov 2004
Posts: 72
|
|
That's a very good point. For most businesses, though, the data is usually the most valuable aspect of the device.
It would be nice if M$ allowed the ROM to be updated with specific code from a given company (the end-user company) so that this sort of security could be put in place. Making it so that a hard-reset locks the device via a company-specific setting and displays a message about how to return the device (no matter how many times someone resets the device). The ROM should be locked also, so that people can't load their own ROM to bypas the company-specific settings.
|
| |
|
|
|
04-12-2006, 11:41 PM
|
|
Editor Emeritus
Join Date: Aug 2006
Posts: 6,245
|
|
I wonder how much "Security Fear" really translates to "Fear of Change" or "Fear of Something New". :?
__________________
[Q 9h] [iPhone (16gb)] [att Tilt]
[EOS-1D MarkIII] [SD990 IS]
Flickr |
| |
|
|
|
04-13-2006, 12:19 AM
|
|
Contributing Editor
Join Date: Aug 2006
Posts: 5,160
|
|
Quote:
|
Originally Posted by runbuh
There are a couple of problems with Remote Wipe that come to mind:
- Remote Wipe via MSFP only wipes the device memory. It does not wipe the memory of any memory cards present in the device
- Remote Wipe does not work if the device has been disconnected from the carrier
|
That is scary. Good information to have. So if I find a WM5.0 Smartphone with possibly sensitive info, the first thing I should do is take the SIM card out and put a different one in, so that I don't get the remote wipe message.
Hmm...that is a serious flaw. :evil: Does the WM5.0 with MSFP sense that SIM card is being changed and treat that as a security breach and warn the user and delete the data? :? |
| |
|
|
|
04-13-2006, 12:20 AM
|
|
Contributing Editor
Join Date: Aug 2006
Posts: 5,160
|
|
Quote:
|
Originally Posted by Mike Temporale
Right now, I can see people grabbing devices and just waiting for it to get wiped. Then they have a new perfectly useable device.
|
:lol: Hard reset can be tricky, it is good that Microsoft has made it easy. :lol: |
| |
|
|
|
04-13-2006, 02:03 AM
|
|
Editor Emeritus
Join Date: Aug 2006
Posts: 11,180
|
|
Quote:
|
Originally Posted by Kris Kumar
That is scary. Good information to have. So if I find a WM5.0 Smartphone with possibly sensitive info, the first thing I should do is take the SIM card out and put a different one in, so that I don't get the remote wipe message.
Hmm...that is a serious flaw. :evil: Does the WM5.0 with MSFP sense that SIM card is being changed and treat that as a security breach and warn the user and delete the data? :?
|
Well, if the admin has also enabled a power on password with local wipe (and they should), you're still in trouble. Basically that gives you x number of attempts at the password before the device wipes itself. So by swaping out the sim you might save a little time, but the device is still useless. I would rather wait for the remote wipe so you have a clean device.
__________________
"I have no special talents, I am only passionately curious" - Albert Einstein |
| |
|
|
|
04-13-2006, 03:37 AM
|
|
Contributing Editor
Join Date: Aug 2006
Posts: 5,160
|
|
Forgot about the power on password. That should make the unit more secure.
|
| |
|
|
|
|
|
|
Linear Mode
