Continuing with the mobile device security theme we will discuss how remote wiping and other form of cell phone wiping/deleting is not absolute. When wiping an entire phone, only certain parts of the phone, or when deleting contacts/messages/voice mails; the data may not be visible on the device but can still be present.
Focusing strictly on the aspect of wiping/deleting, if a device has been stolen, for all intents and purposes, the data on the device has been exposed. You can wipe the phone after the fact and it may make accessing the data more difficult, but it is already lost. Even once the data has been wiped, there is still an opportunity for exposure given the nature of the devices technology. From a forensic perspective, simply wiping the device is not enough. Flash based devices (mainly smart phones) can still retain bits of data after wiping, and when you throw in the fact some users jailbreak or root their devices, you have added another set of obstacles for the wiping to attempt to get around. You will also run into issues where the wiping software is not able to differentiate between the companies data and the users personal data. This opens a whole new can of worms. Users have a right to privacy and if these wiping tools can potentially have access to their personal data that could be seen as an invasion of that right.
An example of data being recovered from a smartphone is currently in the news. Just a few days ago a trial began against an ex-BP engineer who is accused of trying to destroy evidence of the Deepwater Horizon drilling incident in 2010. A federal prosecutor is saying that Kurt Mix deleted text messages and voice mails that had details regarding the spill. In one instance Mix sent a text message to his supervisor stating that 630,000 gallons of oil per day was spilling out, BP’s public estimate at the time was around 210,000 gallons. These messages were sent on May 26, 2010 and were deleted by Mix on October 4, 2010. They were recovered after the fact.
The only surefire way to ensure that data is properly destroyed is to physically destroy the device/storage device itself. The most difficult part with destroying is having the user part with their device. However, once they receive the latest technology, the user with quickly get over parting with the old device.
Stay tuned for updates on TechR2’s new service offering around mobile device data destruction.