When Your Company Remote-Wipes Your Personal Phone
Xenographic writes "NPR has a story about someone whose personal iPhone got remotely wiped by their employer. It was actually a mistake, but it was something of a surprise because they didn't believe they had given their employer any kind of access to do that. This may already be very familiar to Microsoft Exchange admins, but the problem was her iPhone's integration with MS Exchange automatically gives the server admin access to do remote wipes. All you have to do is configure the phone to receive email from an MS Exchange server and the server admin can wipe your phone at will. The phone wasn't bricked, even though absolutely all of its data was wiped, because the data could be restored from backup, assuming that someone had remembered to make one. But this also works on other devices like iPads, Blackberry phones, and other smartphones that integrate with MS Exchange. So if you read your work email on your personal phone or tablet, you might want to make sure that you keep backups, just in case."
told ya they could do it!
Does this mean that the mails were deleted on the server?
We have the same policy and will only allow smart phones to connect to exchange when they have the remote wipe capability. It's to protect the company's interests should a phone be lost or stolen. When the users sign up for ActiveSync they have to "read" the terms and conditions where it states that it may be remotely wiped. I don't think most people read it but when you think about the type of proprietary (and often confidential) data your email inbox has, you have to understand why the company does it.
"Wisdom is not a product of schooling but of the life-long attempt to acquire it." -Albert Einstein
If you keep a ton of data you need on your phone, or anything, you should probably keep backups. There's plenty of ways to have your device wiped out or destroyed.
Is it just me or does the iPhone in the picture of the article look really small? Or the person has really large hands?
Flexible bare-metal recovery for Linux/UNIX
Sure, any phone or client that supports Exchange Provisioning will allow the server administrator to do it.
Incidentally, I lost access completely to my work's Exchange server after they enabled provisioning, as did everyone using Android. All the iPhone users have access still, and they're all open to being wiped once someone flips the switch.
Company asserts remote-wipe control over devices that access company systems and data. News at 11.
There is nothing interesting going on at my blog
Wiping someone's personal data is a felony. I think it likely that the employer would prosecute if the tables were turned. Hacking tools are illegal in some jurisdictions, I think anything providing this level of unauthorised access would be illegal under German law. Guess they don't use Exchange there?
She held it wrong?
This is common knowledge for most System Administrators (or should be).
With Blackberry, you can remote wipe, or just lock the device and change the password. The iPhone can be wiped.
By default, whenever you connect your iPhone to your computer it does a backup/sync. Blackberry does not.
Most companies I know first lock the device with a new password, and give the user a chance to bring the phone in (or a # of days before it is remote wiped).
If a company is unwilling to provide you with a phone for work, then you should not have your work email on it. If there is some form of bill reimbursement, there should also be clear terms as to who owns the device, and what can be done to it in the event of quitting/firing.
Employees should be made aware of what is possible, including the ability to remote backup user data (so they know not to store questionable content on the phone).
You are of course aware that MS is no longer licensing Exchange to smartphone manufacturers unless they allow administrative remote wiping...right?
Don't integrate as it gives power to strangers to wipe your gadgets (or possibly even read them).
Kinda similar to how back in the 80s a friend asked my password, and he decided to "teach" me a lesson by entering my BBS account and changing it. I thought I could trust a 10-year-long friend but after that event, I demoted all my friends to strangers and don't give them squat. "Trust No One"
"apology is policy"
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
Guess what, they can read your email too.
You'd be crazy to use your own phone for work related email or any other tasks. Work and business don't mix and this is a perfect example of that.
"We are just a war away from Amerikastan. When god vs god the undoing of man." Dave Mustaine
Tell them to pay you $10,000 for your troubles or you will be suing them and pressing criminal charges for hacking your phone.
You actually get to own it after purchase.
...and despite communicating the company policy regarding separation and removal of company data from devices, I've still had to hear the distraught cries from people who lost pictures of their kids, personal emails, etc. It seems excessive that Exchange Remote Wipe destroys data across the whole device (eg Pictures, Notes, other email accounts). I don't know if that is something Microsoft or Apple has to fix but it needs a fix. I'm happy to not be in that role now.
I don't think most folks are shocked at the remote wipe capability - they just expected that it would be confined to the exchange data only, not the MP3's, games, photos, etc.
LOL
You're either a troll, an idiot, or both. Apple didn't have to allow the wipe functionality, or could have made it configurable. It's your boyfriend Steve Jobs who you should be mad at.
A marriage made in heaven.....
IANAL but write like a drunk one.
... use IMAP. Connecting to Exchange via IMAP doesn't enable remote wipe, but still allows you to access your mail and get access to the GAL.
But honestly, if you're needing access to a company's Exchange server, there's no reason why the company can't enforce a security policy, like a PIN or password on your phone, or remote wipe capabilities. There may be sensitive data in your emails or in your contact list, that should not be accessed on a device which has no protection (or even weak protection like a PIN). It's in the best interest of the organization to be able to remotely-wipe a device connected to their Exchange server.
That being said, if you don't want to give the company access to do that to your phone, then don't connect to Exchange. If IMAP isn't enabled, then you have to take the tradeoff.
Unless your company specifically forbids it, I'd use TouchDown for Android. I've set it up for my mom and it seemed to work ok. I couldn't get her tasks to sync, but I'm sure I could have figured it out with some more effort. The email came down fine. It isn't quite as chic as having everything integrated into the native apps on your phone, but the interface seemed serviceable enough, and it keeps more of a firewall between your work and personal life.
Many companies don't specifically check the client string. If they do, and you really want to, you can masquerade as an iPhone. It supports Exchange remote wipe (but only for the TouchDown data store), all your personal data on the phone will be unaffected. I have Prey on my phone to wipe my personal data in case it gets stolen.
Keep personal items and work items separate. CRAZY I KNOW.
... they're using an Exchange-Server for all the students' email. Fun parts include: You're only able to install a Forwarding rule if you use the Internet Explorer (otherwise the button for rules is simply not there - something their FAQ omits.) SMTP does not work at all for some strange reason. I finally tried to configure my Android phone to use the Exchange account as an additional email account. That worked. However, whenever the screen went black to conserve power, I had to reenter my Exchange password to unlock the phone! With a nontrivial password containing special characters, numbers, small and big letters at a length of 10 characters, this became a serious pain in the ass. Normally, to unlock the phone I just have to swipe the on-screen button from right to left. Needless to say, I quickly removed the Exchange account. And it was only a month later that I actually got an answer from them regarding my problems. So, if our university of incompetent morons' Exchange server means that they could erase my data, I won't touch their offering with a ten-foot pole. Fun fact: They're "offering" a user administration tool for all the dorms' routers based on PHP. This little "tool" does an include of remote PHP files based on the unsanitized GET request data. As a plus, this tool has to be run as root. Which means that any disgruntled dorm administrator could do a pretty powerful attack on nearly the whole dorm network infrastructure.
MS infects your Apple phone like a Sony rootkit and allows an employer to remotely wipe data like 1984 on an Amazon Kindle.
Welcome to your new Pink phone designed in California.
Domestic spying is now "Benign Information Gathering"
...why would you use your own resources to access company resources?
If the company intends for you to be accessible via email remotely, then they can damn well supply you with the means to be accessible via email when out of the office.
Unless you get paid for the use of your own resources (and reimbursed for the cost of obtaining them) then there is no sane reason why you would use them.
In Xanadu did Kubla Khan
A stately pleasure dome decree
Google could wipe all the data on iphones configured to sync with gmail, calendar and contacts. Good thing they 'do no evil'! http://www.google.com/support/mobile/bin/answer.py?answer=138740&topic=14252
It wasn't "not bricked" because the data was restorable from backup. The iPhone was still completely functional after the data wipe hence it was "not bricked" because nothing was done to render it inoperable, even without a backup.
I am becoming gerund, destroyer of verbs.
was the first mistake.
If your employer wants you to read work email on a mobile device, make them issue one.
Don't run your personal mobile's wireless through the company access points. Use your damn 3g/4g data plan for that.
Seriously. If it's your data, your employer has no business going anywhere near it or the devices that contain it, and you don't let them get that impression by never giving them a sniff of the thing.
Welcome to the Panopticon. Used to be a prison, now it's your home.
You can only remote wipe something which connects to the internet and is not in offline mode. Even the best iPhone, iPad or PDA will not remote wipe if it does not get the remote wipe command, which would not happen if somebody is motivated enough to cleverly remove any connection capability before going through the mailbox in offline mode. And somebody stealing it who is not sophisticated enough to know that would almost certainly not even care about the data. So it is really a useless feature.
By giving a corporation control over corporate property(virtual property in this case, but established property as far as the law is concerned)?
I think you'll need to hate pretty much every company in the world.
If you're on Android you can patch this out of the email client:
http://forum.xda-developers.com/archive/index.php/t-729753.html
I did this on my (Droid1) phone and it worked perfectly.... I did test a remote wipe and nothing happened on my phone.
Simply by plugging your device into iTunes, it automatically makes a backup. This is something you can turn off if you really try, but by default making a backup is a standard part of the sync process with iTunes.
Specialist Mac support for creative pros, Melbourne
http://en.wiktionary.org/wiki/spick-and-span
Also, from the wikipedia article on the product, someone did try boycotting it in 1999 (http://en.wikipedia.org/wiki/Spic_and_Span). I think that's stupid. "Spick and Span" was first recorded in the 16th century. "Spic" has only existed since early 1900s, wasn't documented until 1910, and even then was documented as "spiggoty" as a slur against Italians. I'd say it's pretty safe to say that when "Spic and Span" was created (1933 in Ohio), "spic" being a slur wasn't even on the radar for them.
I think the situation is similar to the word "niggardly" (http://en.wikipedia.org/wiki/Controversies_about_the_word_%22niggardly%22). People see something that, without any context (context like the spelling of the word or idiom...), could be conceived as racist. People take offense at something because of their own ignorance.
The problem is, you're not being color-blind. You're seeing color issues where there aren't any. You're trying to get people riled up at racism that isn't even there. You're not helping to stop racism, but you are helping to chill language and communication and encourage ignorance. You have, by trying to be on the right side of something, wound up on the wrong side of everything.
And there goes my karma...
No trespassing. Violators will be shot. Survivors will be shot again.
She was in the 'States, which tends to ignore minor crimes and expect the victim to sue/shoot the culprit (;-))
You're better off in Germany, and the Americans are better off than some of the third world, where our American cousins and we send volunteers to teach the concept of the rule of Law, as in http://www.lawyerswithoutborders.org/Pages/Default.aspx
--dave
davecb@spamcop.net
But honestly, if you're needing access to a company's Exchange server, there's no reason why the company can't enforce a security policy, like a PIN or password on your phone, or remote wipe capabilities. There may be sensitive data in your emails or in your contact list, that should not be accessed on a device which has no protection (or even weak protection like a PIN). It's in the best interest of the organization to be able to remotely-wipe a device connected to their Exchange server.
But honestly, if the company needs access to your phone, there's no reason why you can't enforce a security policy, like ... remote wipe capabilities. There may be private data in your phone or in your contact list, that should not be accessed by the company... It's in your best interest to be able to remotely-wipe a company connecting to your phone.
Just because you access company mail with your phone does not mean that the company should be allowed to wipe your phone - or that you should be allowed to wipe the company server...
If you don't want to risk such things happening, don't mix business and personal.
Laptop, VPN, Cell Phone, etc. Keep your life separate from your work. Don't do work on personal equipment, and don't use work equipment for things you want kept private.
If you chose to mix them (for convenience) then understand the risk.
"You want to know how to help your kids? Leave them the fuck alone." -George Carlin
You'd really rather a thief had easy access to your email and other personal info?
Having said that - when my last phone got stolen, they took the SIM out pretty much immediately anyway, which would stop any wiping from taking place until further connection to the net, or never if they disabled the Exchange account. They could then browse anything if they wanted. We had the IMEI blacklisted so the phone was basically useless. Hopefully the thief didn't manage to sell it.
Needless to say I now make sure to use a code to even allow unlocking of the phone (a swype-code on Android, so it's not a pain in the ass).
which is totally what she said
Shouldn't it be just an option to remote wipe the exchange store? Why force a pin lock on the phone, and remote wipe it? Why not just pin lock the app and remote wipe the email store instead? This applies to Android too. My phone forced me to pick a pin lock because someone in IT checked a box over the weekend. I immediately removed corporate email from the phone.
Why would ANYONE allow their personal device to touch the Exchange Server, BES or whatever? If you do that you should know that EVERYTHING you do on said device can and will be viewed by the Exchange/ BES admins.
I'll forward the TouchDown recommendation on to my co-workers that are using Android, however most of them are beta-testing software in development here (system level stuff) so they tend to get their devices reset frequently. I use an N900, so there's no real options for me short of my employer buying me a device, or reverse engineering the ActiveSync protocol such that I can lie and claim I support provisioning when I don't.
Needless to say I now make sure to use a code to even allow unlocking of the phone (a swype-code on Android, so it's not a pain in the ass).
Exchange Server is set by default to force a passcode to be set and locking enabled when you add an Exchange account to an iPhone, if the passcode lock feature is not already enabled on that phone.
As I understand it that is a feature of ActiveSync, though I've never seen it enforced on my crappy, company-issued WinMo 6 phone... just my personal iPhone when I tested Exchange functionality on it once (via the same server).
Blackberry Enterprise Server and Blackberry Enterprise Server Express have the exact same capability to remotely wipe all data from an employee's Blackberry phone.
Wow, I had no idea that adding an Exchange email account for your iDevice would give sysadmins that power. Good thing my last company had ActiveSync disabled on their Exchange server forcing me to find alternate ways to get my emails, one of which was a tool that let me set a middle man server to act as an IMAP/LDAP/CALDAV server, sort of a proxy via the WebMail interface. This would keep the admins off my phone while giving me full functionality.
"Where is my mind?"
I am not sure that many here understand this feature. Basically it is not a selective thing whereby it only removes certain data or administrators have any choice what it wipes - it has one option and that is to wipe the entire phone including the OS. The process leaves it in a state where it will not even boot up. You have to plug it into iTunes and download/install the OS/firmware back onto it before it can even be used again. See the link below on how the process works and what is required.
Basically it comes down to this - Blackberries have always had this capability and it is part of the reason why they have been popular with businesses. You have employees wandering around with devices that may well contain confidential employee information and/or have the capability to send messages on behalf of the company. The solution was to give the employer the ability to wipe the device remotely when the employee reported it stolen or if they had to quickly terminate an employee in the field. Microsoft was told by business that in order to be competitive with BES they had to offer the same functionality and thus require it as part of the ActiveSync API. Many other vendors (Microsoft, Palm, Nokia) implement the API call to only wipe the company data and leave the phone in a usable state but Apple, for whatever reason, implemented it in a way as to toast the whole phone. As such, this has to be Apple's fault as others do it better.
I've only done it once or twice when an iPhone was missing/stolen. In one case the person found the phone 10 minutes later (after saying they had searched everywhere) and they did lose quite a bit of personal info. It also took nearly an hour to even get the phone working again (reloading the firmware). That is the chance you take with these...
Why? It is already documented.
If you don't want to risk such things happening, don't mix business and personal.
Laptop, VPN, Cell Phone, etc. Keep your life separate from your work. Don't do work on personal equipment, and don't use work equipment for things you want kept private.
If you chose to mix them (for convenience) then understand the risk.
Yeah, 'cuz creepy backdoor capabilities surreptitiously placed into standard-issue corporate software is the natural risk of mixing work equipment with personal equipment, duh. This guy was just as dumb as that kid in Pennsylvania who took his school-issued laptop home and didn't expect to be videorecorded and monitored by the school. Idiots.
Anyone who doesn't have at least 2 phones and at least 2 laptops is also an idiot.
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
This is a non-problem. You should have backups of your iPhone even if this weren't the case. Remote wipes from your office are not remotely (hah get it?) the most likely way to lose all of your iPhone data. I can think of a hundred more likely scenarios starting with dropping the phone on a street and moving on through my dog burying it.
Back up all your data, or consider your data already lost. It's just a matter of time.
- For the complete works of Shakespeare: cat
How about
Did that help, or hurt? ;-)
I believe NandroidBackup will allow them to back up their apps and other local data and restore after a system wipe, if they know when the system wipe is coming.
That's what most people use when they are upgrading rooted versions of Android like Cyanogenmod. I haven't had to try it yet, because I'm on CM6.something. CM6.1 will be out soon, and I'll get to try NandroidBackup then.
Beta testing system level Android software? Cool.
I would think most companies, like my own, ask each user to agree to this risk when they agree to use a personal device to hold company data. This is pretty standard stuff, and the ISS shop wouldn't even sign off on personal devices used in this way without that capability. It is definitely a feature.
As to the impact? Not much of an issue. Any iPhone that is synced in iTunes (the large majority I would think), automatically makes a backup when it syncs, meaning any new device could get a total restore of all apps, data, music, notes, etc, at the time it was plugged into the user's PC that contained the backup.
In Soviet Russia, phone wipes you!
Many don't realize that when they connect their devices (iPhones, iPads, etc.) to corporate networks they are handing over control to their employer. I wrote a piece about this back when iPhone 4 was released and one of the IT execs we interviewed mentioned that fact: http://www.securityweek.com/iphone-4-enterprise-new-features-expected-drive-adoption-iphones-enterprise
On both sides of the fence over this one, but the blame here is w/ the "mail server - Exchange" - why the heck it would zap EVERYTHING on a device is lazy functionality. It's akin to an automaker forcing you to replace a car's engine just because it needs new oil. A joke - what do you expect from Redmond. Granted, personal devices should/could be restricted in what data they'd be able to access, but give the "average" human being - who wants a device for every mailbox (function). I liked one other writer's idea - forward the mail (to Gmail - wonderful) - I did for many years in a Fortune 5 and would love to have known that I spread some "knowledge" around into the free marketplace.
The first time an owner, CEO or other senior exec gets his phone "wiped" by an "admin", or other similarly equipped tech savvy employee, that will be the end of that policy. Things always look good on paper. Companies only learn from their mistakes. If all else fails, just kick the shit out of your current admin. It might not save your data, but you'll feel a little better.
For the curious, LWN covered the remote wipe capability back in September.
Jonathan Corbet, LWN.net
Heh Heh, he said ASSpirin.
VMware Mobile Virtualization Platform (MVP) solves this problem by allowing your personal device to have a completely isolated work VM that you use for business purposes. If IT needs to wipe your phone, they simply remotely remove your work VM. All of your personal settings and data remain intact. Hooray!
http://www.vmware.com/products/mobile/
People see something that, without any context (context like the spelling of the word or idiom...), could be conceived as racist. People take offense at something because of their own ignorance.
I apologize in advance for furthering the off-topic-ness here, but I want to emphasize how right you are and how stupid it is when people do this.
One of my "favorites" is when someone complains that the phrase "rule of thumb" is offensive because it is derived from a law permitting a man to beat his wife with a stick provided the stick is no bigger around than his thumb. This is flat-out fiction. "Rule of thumb" comes from, like, holding your thumb up to a painting. Anyone who gets offended by this phrase is being a willfully ignorant and shrill idiot, not to mention discrediting whatever quasi-feminist message they're trying to advance.
The only one worse than that, IMHO, is the insane notion that the word "picnic" derives from "pick-a-nigger", as in, "Who are we lynching for entertainment while we eat outdoors today?" Do we even need to go to Snopes for that one? That doesn't even qualify as an urban legend; that's just old-school linguistic trolling.
</rant>
What's so special about a phone that they get extra special wipe privileges? Can an Exchange admin remote-wipe my laptop if I have it hooked up to my corporate account?
No.
Why my phone then?
I suspect many of the misgivings about remote-wipe policies have to do with the clarity of explanation. Explain to users clearly what ‘remote wipe’ means, and what they can do to protect their data.
Just today, I wrote a new document for our users about our remote wipe policy and how, with iOS 4.2, they can too thanks to Find My iPhone. Here’s what I wrote, under the heading ‘A brief but important note about your privacy and data:’
Companies have a right to secure their smartphones —there’s a lot of data on them. End users have a right to protect their personal, non-company data. These are not mutually exclusive. Can we agree?
I am not sure if you comprehend the idiocy of this policy - saying your employees are responsible for their own data backups in case you have to remote wipe the phone "to ensure data is kept safe"
How are you going to ensure that these employee data backups are kept safe? After all they will also contain all the phone's contacts and confidential emails. Knowing most people they will just be on some random laptop or out in the cloud someplace unencrypted.
The point being IMO if a company is going to enforce remote wiping they damn well also enforce their own backup policies and also enforce that the phone owner IS NOT ALLOWED to make their own backups.
I sync my iPhone to Gmail via Exchange. Does that also give Gmail the power to kill my data??
I actually thought their response was fairly interesting. If you troll by making people post interesting things, then by all means continue.
How in god's name does this garbage make it to slashdot's front page. Are you _fucking_ kidding me?
This is why most companies use virtual desktop such on VPNs when remote computers log in. The actual data can be accessed without being permanently stored on the remote PC which is logging in. Many large corporations have specific rules regarding thumb drives. For example, my last employer only allowed files which cleared compliance for client consumption to be put on thumb drives.
If I deleted files on my employer's computers with malicious intent it is a crime. Why isn't this the same thing?
The employer is given permission to add and remove emails, contacts and calendar items. That's it. What's happening here is scorched earth.
This will also work for Google when you connect through the Exchange interface. You know, the one that syncs calendar, email and address book in one sweep. So most geeks using iPhone are using that.
Just one more reason never to buy iPhone, Macbook Pro or iPod again.. Yeah, I'm a disgruntled owner of all these and more junk, like Apple's Wifi offerings.
http://www.debunkingskeptics.com/
I did not call anyone an idiot... although you did, repeatedly.
I said that mixing business and personal is to be avoided, and that if you choose to do it you should know the risks first.
"You want to know how to help your kids? Leave them the fuck alone." -George Carlin
It's the company's data, not your personal data, and they have measures in place to protect it.
No it's not. He was talking about them wiping all your personal data. "Measures in place" to protect company's data that also wipe your personal data are a bit creepy.
Most smart phones don't have provisions to tell which bits are personal and which are business, so the wipe is all or nothing.
If your personal stuff gets wiped just restore it from backups. You do take backups, right? In case the phone gets dropped or lost? We all know backups are important, right?
I did not call anyone an idiot... although you did, repeatedly.
You're right, I'm more blunt than you are.
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
MS infects your Apple phone like a Sony rootkit
Bzzt. Wrong. This is an *Apple* API in iOS that third parties can call.
http://connectedplanetonline.com/business_services/news/apple-mdm-ios4-062210/
I don't know if it's true with your company, but I would consider that an overreach if you want me to connect my personal phone with your network and give you the ability to delete all of my pictures and other personal data solely at your discretion.
It's not connecting your personal phone "with their network". You're connecting with, synchronizing, and providing the ability to send email from, an email account your employer provides for work purposes. Those are radically different things.
This is a non-issue if you don't configure your personal phone to connect to your employer's email system, which you probably shouldn't be doing anyway for a variety of reasons. Example #1: If it's necessary for your job, your employer should be paying for it. Example #2: If it's not necessary, have some work-life separation and don't check your work email from your personal phone.
I know a number of people that carry a blackberry or smartphone for work, and a non-smartphone or iPhone/Android phone for personal use. Among other things, it's the ultimate level of control over whether or not you can be reached via such a device, billing, voicemail, separate numbers, etc.
Please help metamoderate.
and as far as I can tell that's not even the usual ignorant slashdot poster's wrong idea about what bricked means. It's a whole new level of wrong.
Like anyone can even know that
Your data is still gone, *Apple* API, MS, Amazon ... the trend would be to have a dumb phone for work belonging to your master and a Linux phone for your real life. A dual boot phone? One section for your boss, one for you to enjoy on the way to and from work?
Domestic spying is now "Benign Information Gathering"
How about not feeding the trolls?
Then the simple solution is to not use your personal phone to check your business e-mail. If my employer wants me to check my e-mail when I am out and about, then they can provide me with the equipment to do so. Otherwise I will not use my personal phone to check my business e-mail.
I heard of a group which tried to call an event a picnic until someone complained (black slur). They then changed it to an outing until someone complained (gay slur). I think there was a third example of a word which garnered a complaint, so they said screw it and changed it back to a picnic. Awesome.
We had the IMEI blacklisted so the phone was basically useless. Hopefully the thief didn't manage to sell it.
I suspect the thief traded it for one or two hits of their drug of choice, but not much more than that. Cell phone blacklisting may keep it from being reused in America, but that's ineffective in the countries where that phone was likely to end up.
So I've heard.
John
Any iPhone that is synced in iTunes (the large majority I would think), automatically makes a backup when it syncs, meaning any new device could get a total restore of all apps, data, music, notes, etc, at the time it was plugged into the user's PC that contained the backup.
But I don't think this extends to include jailbreaking itself, nor any jailbroken apps. And what about jailbroken app data?
John
seems more like an amazing troll fail to me...
According to http://ksmtkmr.blogspot.com/2010/06/speed-up-iphoneitouch.html you can disable this horribly abusive "feature" by not running the "obliteration" daemon:
com.apple.mobile.obliteration.plist - This daemon wipes the data partition of your device. (Source) This will be used if you remotely wipe your phone via Exchange, or if you use Settings > General > Reset, or if you set your device to wipe itself after a certain number of failed passcode entries. If you don't use these features, you can delete this daemon.
See also: http://code.google.com/p/chronicdev/wiki/MobileObliterator
The Bill Gates as Borg icon needs to be changed to Ballmer as Borg. It's way past time.
"Wipe Device" is no security strategy for preventing an employee from keeping data. It solves a specific problem, and dealing with employees that are leaving is not the problem it solves. The problem it addresses is destroying data on a stolen device, before the thief can have time to disseminate it. An employee that owns the device and has had the stuff on it, has already had plenty of time to disseminate it and make any extra immune-to-wipe-feature copies that they had wanted.
This is why most companies use virtual desktops, such as on VPNs, when remote computers log in. The actual data can be accessed without being permanently stored on the remote PC which is logging in.
Nevertheless, the user might store any data they want by taking screenshots, taking hard copies, transferring files, or by using copy and paste.
I suppose if they wanted to capture everything, they could get a converter box to hook their monitor into, with dual outputs.... one output to the computer display, and another output to a High-Def TV recording device, e.g. firewire connection to a HD camcorder.
Presumably, a high resolution recording of whatever was displayed on the monitor could be used (given sufficient time) to reconstruct any data that had been viewed later.
For the first time I've found an issue for which I have no sympathy for jailbreakers--if you engage in unsupported uses, you don't get to complain when shit accidentally breaks them (as opposed to when Apple intentionally and maliciously breaks them with new iOS updates).
So if this is tied to ActiveSync, does that mean Google can wipe my phone now?
ActiveSync is the way everyone I know connects to Gmail to synchronise calendars as well as email. I wasn't aware that I was granting remote wipe privileges to Google as I set this up.
Sure, it's unlikely to happen, but it shouldn't even be possible! Stuff like that is an accident waiting to happen.
I would say: one more reason to prefer free software, if someone needs more reasons. Simply reading Slashdot summaries gives you a couple of reasons a day.
The real solution is to do backups all the time. Not only when you see some stupid article on slashdot on just another way you can lose data.
If the employee is aware of the policy, and has accepted it, then legally there is nothing wrong here. However this is a nasty policy. You know that people have masses of personal data on their phones, you know that most people don't do regular backups, and you know that most people are not aware of (or are going to forget about) such a policy.
Moreover, if someone wants to steal company data, wiping their phone is not going to prevent it. If you want this level of control, provide the employee with the phone, and physically collect it when they leave the company.
Enjoy life! This is not a dress rehearsal.
I mean, let's give it some perspective here. If there was a cleaning product called Nigger-n-Span I get the feeling there would be protests. We cannot have a truly colorblind society where everybody is equal if one group is defended more than another group.
There you go
Non-Linux Penguins ?
My university recently moved to Windows Live Mail student accounts. This comes up as an exchange server in the iPhone. Does this mean that a malicious attack could cause a mass remote wipe?
So if this can be done to any phone connected to an email/exchange server by ActiveSync protocol, presumably this means any of us that has set our phones to sync with Gmail using ActiveSync can be remote wiped at will by Google? That doesn't sound very comforting...
Well done for feeding the troll.
To have a right to do a thing is not at all the same as to be right in doing it
What would stop a company using free software and setting it up so it did exactly the same thing?
To have a right to do a thing is not at all the same as to be right in doing it
Quite frankly: Do separate private and work. It only brings you pain if you don't, and you deserve whatever you get.
Same goes for the other direction: If you store any personal data on your work PC (or other equipment), make sure that you have remote wipe capabilities, or it is encrypted.
Assorted stuff I do sometimes: Lemuria.org
A company has plenty of reasons to remote wipe phones if they're accessing company communications. Also, I'm pretty sure you have to sign a contract/disclaimer telling you such, and if you haven't read it, then well, it's your own fault.
There's a feature in Android 2.2 that allows server side commands with email. I'm guessing it's to do with Exchange, but it warned me that it had the permissions to do a factory reset. If I wanted to access my email from out of the office but didn't need to, then I'd understand the risk involved. If they demanded (not offered) that I use my own phone to read company emails, and then wiped it, I'd be pissed, but then I would have found or demanded a phone to access it from!
You said "niggardly"! <sniggers>
So is "Mail" app on Android vulnerable to this?
They call it Exchange because you'll be better off swapping it with something else.
Any mail transfer agent that had a policy of open relay by default after a patch, that used to need to be completely halted to do backups and needed a clone of the original machine just to read restored email backups should have been ditched for something decent a decade ago instead of building a huge monolith on top of failure.
It's the only MTA in production today that still loses email on occasion.
Or, you can just use the stock Android email client (the open-source one), and just edit a few key calls to DevicePolicyManager. Voilà, the phone looks like stock to the server, but it doesn't actually implement any security provisions that you don't want it to.
Does the name Nazir have anything to do with Nazi Germany?
'Nuff said.
Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
No, the real solution is to buy a phone without 'features' like that. Or at least one which will ask the actual owner of the device whether this feature should be enabled. I've been testing this, and while the HTC and iPhone of my colleagues got wiped clean my N900 happily ignored the remote wipe. Accidentally the N900 also is a phone which you could actually use for a dual-boot scenario like that.
The only downside is that the N900 relies entirely on physical security to prevent unauthorized access to users with physical access, outside of its root partition. Turn it off and plug it in, and you have access to the 30GB internal storage and the MicroSD, and doing full-disk encryption of any kind on it is a gigantic PITA even by uber-geek standards, it requires heavy modification of the OS.
The N900 already locks out mass storage when locked, if only it didn't allow mass storage mode when powered off this would be mostly a non-issue. (microSD could be considered unsecure and isn't really necessary, beyond that you'd have to pull chips off the board).
But yeah I agree, don't buy a phone that "features" things like remote wiping out of the box. Remote wipe should be a secure operation that needs to be configured and controlled solely by the owner.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Cisco Mobility Software has the ability to selectively delete data. Since most people now have their work and personal phones in one this allows you to wipe your corp. data and email but leave their family photos alone.
There are professional race-baiters out there who see "racism" in the color of their morning coffee.
Most of them work for people like Al Sharpton, or racial supremacist organizations like the NAACP or LULAC.
Can't stand the word RACIST. It should be removed from the dictionary. It's used so much, so over saturated, that it's lost all of its true meaning. People who use the word racist, as in calling someone else a racist are pure jackasses these days. They have ZERO understanding of the meaning of the word. I hate spinach so therefore I must be racist against SOME farmer out there. Idiots.
for example, you would use a free version of the client too, so you could be aware of this "feature" and possibly remove it from the code.
I've used Touchdown since the G1, prior to Android actually supporting exchange out of the box. I still prefer it over the built in client. The calendars are better, the address book is complete, the mail delivery is faster, and now just one more point to add in its favor.
What's all this about "your" iPhone? I thought we had already established that the device in your hands actually belongs to Steve Jobs and Apple.
a G-1 Google phone, that it did not integrate with office mail systems. Consumer Reports had that as a minus, and for many smartphone users it could be. But why would I wish to tie my personal phone to the office's systems? Office issued cell-phones are called 'Ball-and-Chain' for a reason.
Remote wipe can also be issued from Google apps, if the phone is configured to sync from it. Most see it as a very useful feature, the phone can be wiped if it is lost or stolen. Interestingly this feature isn't available in Google's own Android phones, it's necessary to use third party software for remote wiping.
If you chose to mix them (for convenience) then understand the risk.
Nobody does anything work-related because it is "convenient." They do it to keep their jobs.
So, an employee has two choices - unpack and fire up a company laptop a few times every evening to stay on top of work email. Or, they can just use their smartphone. The company doesn't care which they do of course, but they do expect the employee to be as productive as all the other people who do these things.
So, the employee gets to choose between a few options, all of which are highly intrusive on their personal life. Then you criticize them for picking what for them is the lesser evil and then being upset when it bites them.
How about this - we pass a law that any data on my phone is my property without regard to any agreements I sign to the contrary. If the employer wants to let me use my phone to sync to their systems that is fine, but I get to keep anything I download when I quit. I suspect that most employers will suddenly be able to afford providing phones to those who need them, or telling employees not to stress out about working from home as much...
In Soviet Russia, and by Soviet Russia I mean the fourth episode of Dollhouse, Echo's personal phone remote-wiped *her*.
Disable Outlook Mobile Access for anyone not issued a company smart phone unless they have signed the proper documents detailing the consequences.