
Remotely wiping mobile phones

Posted Sep 15, 2010 19:19 UTC (Wed) by cesarb (subscriber, #6266)
In reply to: Remotely wiping mobile phones by mitchskin
Parent article: Remotely wiping mobile phones

What we need is a phone with two user accounts, a "business" account and a "personal" account. The email client would run on the "business" account and only be able to wipe the data on it. The data on the "personal" account (your photos, your family contacts, etc.) would then stay safe.

As an aside, remote wipe is a horrible way of protecting data on a phone. Encrypting it (which should not be very power-intensive with hardware assistance plus the kernel's normal caching) and requiring a key (perhaps even having to contact a server to obtain part of it, to allow for it to be revoked) would be much safer, since it would not need a constant network connection to protect the data.



Remotely wiping mobile phones

Posted Sep 15, 2010 19:36 UTC (Wed) by drag (subscriber, #31333) [Link]

One thing that you're completely missing, however, is that people leave their phones on most of the time. Encrypted drives only work effectively if your system is turned off at the time it was stolen.

That's why I don't bother with it on my laptop, except I store some of the more sensitive information encrypted via encfs and cryptkeeper. You see: I leave my laptop on all the time. Even when traveling it's suspended. Out of any modern device it's fairly trivial to pull encryption keys out of memory. There are ways it can be mitigated, but that is not the reality we live in right now in terms of hardware security.

But there is not much on a phone that I would tolerate using if I had to type in a password every time I needed to access it. Usability easily trumps security in this regard.

Remote wipe is really a pretty good way to keep your stuff safe. Cell phones are stolen very often, smart phones are even more attractive targets. People frequently leave their phones lying around and forget them in public places. People leave them on all the time.

If I was a business type guy buying phones for my employees then it would be an invaluable feature.

For my personal use it would be an invaluable feature.

The problem is not that there is a remote wipe. The problem has to do with who is the one in control of it.

That is true with most stronger security schemes. The problem is not that they exist or that they are effective or that they can get used... the problem is the people who have the ability to use them. That is: somebody other than the property owner.

Remotely wiping mobile phones by cancelling decryption keys

Posted Sep 15, 2010 21:19 UTC (Wed) by neilbrown (subscriber, #359) [Link]

> One thing that you're completely missing, however, is that people leave their phones on most of the time. Encrypted drives only work effectively if your system is turned off at the time it was stolen.

Alternate perspective is that encryption and never-turned-off make a good combination as then if your phone is stolen/lost all you need to do is remote-shut-down. If you still have the phone, this is just an inconvenience. If someone else has it, they lose any access to your data.

All the value of remote-wipe and almost none of the cost.
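Added example, not part of the comments above or of the original page: a minimal model of the scheme cesarb and neilbrown describe, where the key needs a server-held share, lives only in RAM while unlocked, and is cancelled by revoking the share. `KeyServer`, `Device` and all names in it are hypothetical, and the in-process "server" is a constructed stand-in for a network service.

```python
import hashlib, hmac, os

class KeyServer:
    """Constructed stand-in for the remote service: one share per device."""
    def __init__(self):
        self._shares = {}
    def enroll(self, device_id):
        self._shares[device_id] = os.urandom(32)
        return self._shares[device_id]
    def fetch(self, device_id):
        return self._shares.get(device_id)      # None once revoked
    def revoke(self, device_id):
        self._shares.pop(device_id, None)

def derive_kek(passphrase, salt, share):
    # Both halves are needed: the user's passphrase and the server's share.
    local = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)
    return hmac.new(share, local, hashlib.sha256).digest()

def tag(kek):
    return hmac.new(kek, b"check", hashlib.sha256).digest()

class Device:
    def __init__(self, device_id, passphrase, server):
        self.device_id, self.salt = device_id, os.urandom(16)
        kek = derive_kek(passphrase, self.salt, server.enroll(device_id))
        self.check = tag(kek)     # flash holds salt + check tag, never the share
        self.key_in_ram = None    # the key exists only while unlocked

    def unlock(self, passphrase, server):
        share = server.fetch(self.device_id)
        if share is None:                        # revoked, or no network
            return False
        kek = derive_kek(passphrase, self.salt, share)
        if not hmac.compare_digest(tag(kek), self.check):
            return False
        self.key_in_ram = kek
        return True

    def remote_shutdown(self):
        # Models power-off; a real device must overwrite the key in kernel memory.
        self.key_in_ram = None
```

After `remote_shutdown()` followed by `revoke()`, the correct passphrase alone no longer unlocks the device, while the owner who still holds the phone only has to re-enroll.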

Remotely wiping mobile phones by cancelling decryption keys

Posted Sep 15, 2010 22:43 UTC (Wed) by drag (subscriber, #31333) [Link]

That makes a lot of sense there.

Remotely wiping mobile phones

Posted Sep 15, 2010 23:52 UTC (Wed) by literfizzer (subscriber, #31274) [Link]

I nearly got locked out of my own personal phone the day after setting it up to sync my calendar (not mail) from the Exchange server at work. The next day the phone prompted me for a password, but it didn't specify which one. It was obvious in retrospect, but at the time I thought it wanted one of the SIM PIN codes or perhaps my Google account password.

It gives you 10 attempts; I finally figured out that it wanted the Exchange password on the last or second-to-last attempt. I'm not sure what would have happened if I hadn't gotten it right, but I'm guessing my phone would have been wiped.

The password prompt comes up every few hours now. It's a real impediment to usability, especially when the phone is first powered on. The phone is more or less nonresponsive for the first few minutes after the password prompt comes up.

It's a lot to put up with just to get my Exchange calendar into my phone, which contains no sensitive information.

Remotely wiping mobile phones

Posted Sep 16, 2010 12:17 UTC (Thu) by sjlyall (subscriber, #4151) [Link]

Actually, forcing a PIN on the phone (so you have to type a 4 digit password into the phone when you wake it up) is another option. The company I work with forces this on phones that use its Exchange servers. The idea is that you can't just pick up somebody's phone and start reading confidential email.

Have a look at this page for some information:

http://www.apple.com/support/iphone/enterprise/

The "Security Overview" at the bottom of the page has a quick summary of some things you can do via policy on the Exchange server.

http://images.apple.com/iphone/business/docs/iPhone_Secur...

Remotely wiping mobile phones

Posted Sep 19, 2010 10:34 UTC (Sun) by Tet (subscriber, #5433) [Link]

> I leave my laptop on all the time. Even when traveling it's suspended. Out of any modern device it's fairly trivial to pull encryption keys out of memory.

Trivial, you say? I'd be intrigued to know how you plan to do this. Any halfway sane Linux distribution requires the decryption password to be entered when resuming from a suspended state.

Remotely wiping mobile phones

Posted Sep 20, 2010 16:13 UTC (Mon) by pkern (subscriber, #32883) [Link]

While this might be true for hibernation (aka suspend to disk), I don't know of a Linux distribution that does it on suspend to RAM.

In theory it could instruct the kernel to wipe the encryption keys from memory at suspend time. However, the whole LUKS cryptsetup infrastructure runs in userspace to verify the correctness of the keys, which would require some parts of userspace in RAM to be working for key input. Chicken, egg.

But then this only applies to full disk encryption / root partition encryption; userspace filesystems like ecryptfs could get triggered to forget the keys and re-prompt the user, I suppose.

Remotely wiping mobile phones

Posted Sep 28, 2010 13:37 UTC (Tue) by robbe (subscriber, #16131) [Link]

The plan:
* instruct the kernel to forget device keys before suspending
* run a daemon that is able to ask the user for her passphrase, and reinstate device keys on resume
* run without swap, or mlockall() all participating daemons/applications

Remotely wiping mobile phones

Posted Sep 28, 2010 13:30 UTC (Tue) by robbe (subscriber, #16131) [Link]

I'd classify the difficulty as moderate, not trivial. See http://en.wikipedia.org/wiki/Cold_boot_attack for details.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds