Log in

View Full Version : Security Fears Hamper Mobile Devices


Kris Kumar
04-12-2006, 06:20 PM
"Around 60 percent of businesses are shying away from deploying mobile devices primarily due to security concerns, a new survey says. Expense and complexity also hampered moves toward mobile computing, according to the survey, conducted by the Economist Intelligence Unit and commissioned by security vendor Symantec. Executives at 240 organizations worldwide were interviewed. One in five organizations said they have sustained financial losses due to attack on mobile data platforms. Businesses also said they rated threats from viruses as the same or greater on mobile devices than on a fixed network. But only 10 percent of respondents have created a comprehensive security architecture to include mobile devices, the survey said."

This is why the remote wipe feature provided by the Microsoft Messaging and Security Feature Pack for Windows Mobile 5.0 is so important for the enterprise customers and concerned consumers.

runbuh
04-12-2006, 06:36 PM
There are a couple of problems with Remote Wipe that come to mind:
- Remote Wipe via MSFP only wipes the device memory. It does not wipe the memory of any memory cards present in the device
- Remote Wipe does not work if the device has been disconnected from the carrier

While remote wipe is a great feature, it is but one of many tools a company should use to protect it's mobile data.

Mike Temporale
04-12-2006, 07:34 PM
True, but that's better than the options we had before. ;)

Personally, the biggest issue I have with remote wipe is that it doesn't re-lock the device after wipe. So the theif has a brand new unlocked Windows Mobile device. It should wipe the device and then lock it with an administator set password. A message should then be displayed about how the device can be returned to the rightful owner. Right now, I can see people grabbing devices and just waiting for it to get wiped. Then they have a new perfectly useable device.

runbuh
04-12-2006, 10:18 PM
That's a very good point. For most businesses, though, the data is usually the most valuable aspect of the device.

It would be nice if M$ allowed the ROM to be updated with specific code from a given company (the end-user company) so that this sort of security could be put in place. Making it so that a hard-reset locks the device via a company-specific setting and displays a message about how to return the device (no matter how many times someone resets the device). The ROM should be locked also, so that people can't load their own ROM to bypas the company-specific settings.

Jerry Raia
04-12-2006, 11:41 PM
I wonder how much "Security Fear" really translates to "Fear of Change" or "Fear of Something New". :?

Kris Kumar
04-13-2006, 12:19 AM
There are a couple of problems with Remote Wipe that come to mind:
- Remote Wipe via MSFP only wipes the device memory. It does not wipe the memory of any memory cards present in the device
- Remote Wipe does not work if the device has been disconnected from the carrier


That is scary. Good information to have. So if I find a WM5.0 Smartphone with possibly sensitive info, the first thing I should do is take the SIM card out and put a different one in, so that I don't get the remote wipe message.

Hmm...that is a serious flaw. :evil: Does the WM5.0 with MSFP sense that SIM card is being changed and treat that as a security breach and warn the user and delete the data? :?

Kris Kumar
04-13-2006, 12:20 AM
Right now, I can see people grabbing devices and just waiting for it to get wiped. Then they have a new perfectly useable device.

:lol: Hard reset can be tricky, it is good that Microsoft has made it easy. :lol:

Mike Temporale
04-13-2006, 02:03 AM
That is scary. Good information to have. So if I find a WM5.0 Smartphone with possibly sensitive info, the first thing I should do is take the SIM card out and put a different one in, so that I don't get the remote wipe message.

Hmm...that is a serious flaw. :evil: Does the WM5.0 with MSFP sense that SIM card is being changed and treat that as a security breach and warn the user and delete the data? :?

Well, if the admin has also enabled a power on password with local wipe (and they should), you're still in trouble. Basically that gives you x number of attempts at the password before the device wipes itself. So by swaping out the sim you might save a little time, but the device is still useless. I would rather wait for the remote wipe so you have a clean device.

Kris Kumar
04-13-2006, 03:37 AM
Forgot about the power on password. That should make the unit more secure.