Sprint Faces Backlash For Adding MDM Software To Devices (csoonline.com)

← Back to Stories (view on slashdot.org)

Sprint Faces Backlash For Adding MDM Software To Devices (csoonline.com)

Posted by timothy on Thursday November 5, 2015 @07:24AM from the but-we-thought-you-wanted-that dept.

itwbennett writes: On Wednesday, Sprint customer Johnny Kim discovered an in-store technician adding MDM software to his personal iPhone 6 without prior notice or permission. Kim took to Twitter with his complaint, sparking a heated conversation about privacy and protection. One expert who commented on the issue told CSO's Steve Ragan that 'it's possible Sprint sees the installation of MDM software as an additional security offering, or perhaps as a means to enable phone location services to the consumer.' But, as Ragan points out, 'even if that were true, it's against [Sprint's] written policy and such offerings are offered at the cost of privacy and control over the user's own devices.' (MDM here means "Mobile Device Management.")

27 of 123 comments (clear)

Min score:

Reason:

Sort:

Nice summary! by Just+Some+Guy · 2015-11-05 07:37 · Score: 5, Insightful

Credit where it's due: adding the definition of "MDM" at the end was a nice touch for those not already in the know.

--
Dewey, what part of this looks like authorities should be involved?
1. Re:Nice summary! by HiThere · 2015-11-05 07:50 · Score: 2
  
  Extremely helpful. I kept reading it as a misspelled Man (in) The Middle...and kept wondering what the D could actually stand for.
  Sounds like I got the meaning correct, though.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
2. Re:Nice summary! by Sowelu · 2015-11-05 07:54 · Score: 4, Informative
  
  I think you've forgotten how multidisciplinary Slashdot is. Hell if I've ever seen that acronym before.
3. Re:Nice summary! by zlives · 2015-11-05 07:57 · Score: 5, Funny
  
  Man in Da Middle
4. Re:Nice summary! by mitgib · 2015-11-05 08:01 · Score: 5, Insightful
  
  Credit where it's due: adding the definition of "MDM" at the end was a nice touch for those not already in the know.
  Perhaps, but going the extra step to define it for this audience is like having to spell out STD in a porn workers forum.
  Isn't it proper journalism practice to define acronyms on their first use, then continue on using the acronym through the remainder of the story? Doing it at the end does make it seems as I am splitting hairs, which I am not, as long as the acronym was defined, I understand it.
  
  --
  Being a spelling & grammar Nazi is a sign you do not poses the intelligence to contribute to the conversation
5. Re:Nice summary! by __aaclcg7560 · 2015-11-05 08:07 · Score: 4, Funny
  
  If you think Slashdot is journalism, you got issues to work out.
6. Re:Nice summary! by Opportunist · 2015-11-05 08:52 · Score: 4, Insightful
  
  To be fair, it's not far from what is considered journalism today.
  I mean, the difference between copy/pasting from other places to aggregate stories isn't that far from copy/pasting press agency reports and cutting it so the ad fits on the page.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I don't care how Sprint "sees it" by U2xhc2hkb3QgU3Vja3M · 2015-11-05 07:39 · Score: 2, Insightful

It's not their devices and they should not be installing software without the express permission of their owners.
Fight for your bitcoins!
1. Re:I don't care how Sprint "sees it" by Holi · 2015-11-05 08:04 · Score: 3, Interesting
  
  Which is their stated policy. Personally I see this as some dissatisfied tech who planned on trying to access the phones later for pics and credit card numbers.
  
  --
  Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
2. Re:I don't care how Sprint "sees it" by __aaclcg7560 · 2015-11-05 08:20 · Score: 3, Funny
  
  I had a job interview at a multi-billion-dollar company a few years ago. The IT department wasn't allowed to license anti-virus or anti-spyware utilities because the software companies weren't in the multi-billion-dollar league, as any purchase from a smaller company would be seen as an "endorsement" by the larger company. (The hiring manager made it sound like the Prime Directive from Star Trek.) The IT techs spent all their time manually removing spyware and viruses from laptops. Unless the laptop got hosed, they weren't allowed to reimage the laptop. I turned down the job offer.
3. Re:I don't care how Sprint "sees it" by Calydor · 2015-11-05 08:24 · Score: 2
  
  Are you installing a program on another person's computer, without his knowledge and consent, that will allow you to at any time take control of that computer again without his knowledge and consent?
  That is not legal. That is how botnets work.
  
  --
  -=This sig has nothing to do with my comment. Move along now=-
4. Re:I don't care how Sprint "sees it" by Darinbob · 2015-11-05 08:43 · Score: 3, Insightful
  
  If it's Sprint's phone, then Sprint should be the one paying for it.
5. Re:I don't care how Sprint "sees it" by Opportunist · 2015-11-05 08:53 · Score: 2
  
  The times of "I pay for it so I own it" are gone. Today you gotta be happy if only your device is owned by some corporation and you still may decide what you do with your body.
  Just wait 'til implanted technology becomes available, then this is gone too.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
6. Re:I don't care how Sprint "sees it" by CanadianMacFan · 2015-11-05 09:23 · Score: 4, Insightful
  
  If the phone is part of a contract you are paying for the phone over a number of installments. Paying for a car by using a loan doesn't make it bank's.
  The provider's terms don't make the phone theirs either. Just like signing up to an ISP doesn't make your computer belong to that ISP or by getting a license for your car doesn't make it belong to the government.
7. Re:I don't care how Sprint "sees it" by sumdumass · 2015-11-05 13:27 · Score: 2
  
  Its not really the act of rooting that is the problem. It is the dmca anti circumvention law that makes circumvention as well as most collaboration and dissemination the problem.
Everyone is blaming Sprint by Holi · 2015-11-05 07:42 · Score: 4, Insightful

When Sprint has policies in place that actually forbid that action without a customer request. Isn't it more likely you have an unethical tech who is looking for future access to phones?

--
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
1. Re:Everyone is blaming Sprint by Archangel+Michael · 2015-11-05 07:49 · Score: 2
  
  Except, it is a Sprint owned MDM and domain.
  Any sufficient level of incompetence is indistinguishable from Malice. Which is the more likely scenario, Incompetence or Malice? Knowing Sprint Techs, Incompetence is my initial guess.
  Now, if it was something out of Corporate, I would assume Malice. Just because it usually takes evil to get to the top of such organizations.
  
  --
  Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Not according to TFA by tomhath · 2015-11-05 07:46 · Score: 4, Informative

Isn't it more likely you have an unethical tech who is looking for future access to phones?
Reading the article (yea, I know) it seems Sprint gave him several different reasons why it was installed. None of which included rogue technician.
How to tell if you may have MDM by plover · 2015-11-05 07:55 · Score: 5, Informative

On your iPhone, go into Settings / General, select Profile, then look at the profiles that have been added. A stock iPhone has none. If you have an ISP who adds a cert that allows you to connect to their hotspots, you may see that here. If you have installed your company's MDM, perhaps a product like AirWatch, that will show up here. If you see something you don't recognize, that's when you need to do some research.
Inside the profile you can view the certs it installed. A WiFi cert will list what it can do: be wary if it includes a proxy.

--
John
1. Re: How to tell if you may have MDM by thoromyr · 2015-11-05 09:22 · Score: 2
  
  Nor do I. The iPhone settings has a search feature. Doing this finds it, which is under settings/general -- but it is still not there. I'm not sure if it is hidden due to a snafu or malicious intent...
2. Re: How to tell if you may have MDM by Kozar_The_Malignant · 2015-11-05 11:00 · Score: 4, Informative
  
  It's only visible if a profile has been installed.
  
  --
  Some mornings it's hardly worth chewing through the restraints to get out of bed.
Sprint clarifies the confusion by zlives · 2015-11-05 07:56 · Score: 2

The technician misheard the customer, the customer said " i do NOT want to be ass fucked". the tech didn't hear the NOT.
Re:I'm pretty sure that's not the case by gstoddart · 2015-11-05 08:40 · Score: 2

That's OK, I have an EULA on my phone which says you will not install any software without directly getting written permission, or I will give you an epic smackdown right there in the store.
I'm not acting outside the law either now.
Sorry, but this is stalling software which give them remote control of your phone without consulting you.
How's "computer fraud and abuse act" sound?

--
Lost at C:>. Found at C.
Re:Great sentence structure, SprintCare! by Opportunist · 2015-11-05 08:59 · Score: 2

*after bashing techs head in*
Didn't want to get beaten up? Let me know!

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Re:I'm pretty sure that's not the case by Dunbal · 2015-11-05 09:03 · Score: 2

The problem with your argument is that your EULA is imaginary, while their contract is real.

--
Seven puppies were harmed during the making of this post.
Who Says It's A Sprint-Owned Domain? by Dredd13 · 2015-11-05 09:57 · Score: 4, Interesting

I'm going to go ahead and throw up a red flag. I don't think this is a Sprint owned domain. I think it's meant to LOOK like one, but I don't think it IS one.
$ dig +short sprint.net ns ns1-auth.sprintlink.net. ns2-auth.sprintlink.net. ns3-auth.sprintlink.net. $ dig +short sprint.com ns reston-ns1.telemail.net. ns2-auth.sprintlink.net. reston-ns3.telemail.net. reston-ns2.telemail.net. ns1-auth.sprintlink.net. ns3-auth.sprintlink.net.
The places Sprint hosts their "well-known" domains looks remarkably like it's a legitimate place. "wabaw.net", however?
$ dig +short wabaw.net ns ns6.domainmonger.com. ns5.domainmonger.com. ns7.domainmonger.com. ns8.domainmonger.com.
I'm going to propose a theory that the WHOIS data shows Sprint so that - if someone gets caught and folks go looking for someone to vilify, Sprint is the unwitting victim. But - in reality - it's sitting in some domain-registration that nobody official at Sprint has ever heard of, and someone's been building a network of phones that they control via MDM.
Slashdot != Journalism by sjbe · 2015-11-05 10:49 · Score: 4, Informative

Isn't it proper journalism practice to define acronyms on their first use, then continue on using the acronym through the remainder of the story?

Slashdot isn't journalism. Slashdot is a debate forum that is kinda sorta vaguely topical. Nobody comes to slashdot for breaking news. They come to debate things and occasionally be informed with a viewpoint they might not have considered previously.