614-322-2222 or 877-770-8324

Cell Phone Wiping is Not Absolute

Mar

13

Cell Phone Wiping is Not Absolute

 

Continuing with the mobile device security theme we will discuss how remote wiping and other form of cell phone wiping/deleting is not absolute. When wiping an entire phone, only certain parts of the phone, or when deleting contacts/messages/voice mails; the data may not be visible on the device but can still be present.

Focusing strictly on the aspect of wiping/deleting, if a device has been stolen, for all intents and purposes, the data on the device has been exposed. You can wipe the phone after the fact and it may make accessing the data more difficult, but it is already lost. Even once the data has been wiped, there is still an opportunity for exposure given the nature of the devices technology. From a forensic perspective, simply wiping the device is not enough. Flash based devices (mainly smart phones) can still retain bits of data after wiping, and when you throw in the fact some users jailbreak or root their devices, you have added another set of obstacles for the wiping to attempt to get around. You will also run into issues where the wiping software is not able to differentiate between the companies data and the users personal data. This opens a whole new can of worms. Users have a right to privacy and if these wiping tools can potentially have access to their personal data that could be seen as an invasion of that right.

An example of data being recovered from a smartphone is currently in the news. Just a few days ago a trial began against an ex-BP engineer who is accused of trying to destroy evidence of the Deepwater Horizon drilling incident in 2010. A federal prosecutor is saying that Kurt Mix deleted text messages and voice mails that had details regarding the spill. In one instance Mix sent a text message to his supervisor stating that 630,000 gallons of oil per day was spilling out, BP’s public estimate at the time was around 210,000 gallons. These messages were sent on May 26, 2010 and were deleted by Mix on October 4, 2010. They were recovered after the fact.

The only surefire way to ensure that data is properly destroyed is to physically destroy the device/storage device itself. The most difficult part with destroying is having the user part with their device. However, once they receive the latest technology, the user with quickly get over parting with the old device.

Stay tuned for updates on TechR2’s new service offering around mobile device data destruction.



  • Providing complete “Cradle to Grave” data eradication solutions, sound experience, industry best practices and resources to support you.


  • About An Industry Leader

    TechR2 is the only company in the industry that has earned a US patent for its Track-Contain-Destroy-Verify data security process, is OEM approved, upholds critical ISO certifications, and is recognized for compliance with GDPR, NIST and all governmental regulations concerning data destruction, including ISO 27001, ISO 14001, ISO 9001, and ISO 45001.


  • Why risk it? Get started today!
    Call 614-322-2222 or use this form.