Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sprint Faces Backlash For Adding MDM Software To Devices (csoonline.com)

Posted by timothy on from the but-we-thought-you-wanted-that dept.

itwbennett writes: On Wednesday, Sprint customer Johnny Kim discovered an in-store technician adding MDM software to his personal iPhone 6 without prior notice or permission. Kim took to Twitter with his complaint, sparking a heated conversation about privacy and protection. One expert who commented on the issue told CSO's Steve Ragan that 'it's possible Sprint sees the installation of MDM software as an additional security offering, or perhaps as a means to enable phone location services to the consumer.' But, as Ragan points out, 'even if that were true, it's against [Sprint's] written policy and such offerings are offered at the cost of privacy and control over the user's own devices.' (MDM here means "Mobile Device Management.")

3 of 123 comments (clear)

  1. Dumbphone FTW by Anonymous Coward · · Score: 1, Interesting

    Every time I want to upgrade to a smart phone I think back to the 1990s when I didn't have a cell phone. Then about issues like this.

    Having a tiny portable phone in my pocket: $20.
    Not having to treat it like a crotchety piece of IT equipment: priceless.

  2. Re:I don't care how Sprint "sees it" by Holi · · Score: 3, Interesting

    Which is their stated policy. Personally I see this as some dissatisfied tech who planned on trying to access the phones later for pics and credit card numbers.

    --
    Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
  3. Who Says It's A Sprint-Owned Domain? by Dredd13 · · Score: 4, Interesting

    I'm going to go ahead and throw up a red flag. I don't think this is a Sprint owned domain. I think it's meant to LOOK like one, but I don't think it IS one.

    $ dig +short sprint.net ns
    ns1-auth.sprintlink.net.
    ns2-auth.sprintlink.net.
    ns3-auth.sprintlink.net.
    $ dig +short sprint.com ns
    reston-ns1.telemail.net.
    ns2-auth.sprintlink.net.
    reston-ns3.telemail.net.
    reston-ns2.telemail.net.
    ns1-auth.sprintlink.net.
    ns3-auth.sprintlink.net.

    The places Sprint hosts their "well-known" domains looks remarkably like it's a legitimate place. "wabaw.net", however?

    $ dig +short wabaw.net ns
    ns6.domainmonger.com.
    ns5.domainmonger.com.
    ns7.domainmonger.com.
    ns8.domainmonger.com.

    I'm going to propose a theory that the WHOIS data shows Sprint so that - if someone gets caught and folks go looking for someone to vilify, Sprint is the unwitting victim. But - in reality - it's sitting in some domain-registration that nobody official at Sprint has ever heard of, and someone's been building a network of phones that they control via MDM.