I heard that while many people believe they have cleared information from mobile phones with remote wipe, a significant amount of information can remain on the device -- especially in the code. Is there any way to truly ensure that all information has been completely removed from an old device?
The only way to be sure all information has been removed from an electronic device is to securely destroy the device. Initiating a factory reset, deleting files or issuing a remote wipe might not have the desired outcome. There are even malware programs that disguise themselves as tools that clean up old files to make the device work better, but instead infect the system with malware.
Enterprises should test proposed methods for securely removing data to ensure they get the results they're looking for. Deleting a file usually still leaves data on the hard drive that may enable it to be recovered with forensic tools (or it might be as easy as looking for it in the recycle bin).
Meanwhile, a factory reset might only reset software back to the factory state, not erase mobile phone data; someone could use the factory reset as part of the troubleshooting process and not delete the person's data.
On the other hand, remote wipes might not work if a SIM card is removed, cellular service is disconnected prior to issuing the remote wipe command, or the device is never connected to a network prior to accessing the data or before performing a reset to factory default to sell.
While remotely wiping a mobile phone might be the only option if a device with unencrypted data is lost or stolen, when an old device is retired through normal processes, an enterprise will have more options to securely erase mobile phone data that's sensitive, such as removing memory cards, or as mentioned earlier, simply destroying the device.
Ask the Expert!
Want to ask Nick Lewis a question about enterprise threats? Submit your question now via email! (All questions are anonymous.)
Learn more about the benefits and limitations of different methods for remote wiping mobile devices.
Dig Deeper on BYOD and mobile device security best practices
Related Q&A from Nick Lewis
Researchers from Check Point announced a new attack at Black Hat 2018 that targets Android devices. Discover how this attack works and how devices ... Continue Reading
Sophos researchers believe the SamSam ransomware campaign could be the work of one or a few threat actors using manual techniques. Learn how it works... Continue Reading
The hacking group Magecart was recently found to have run a card skimming campaign that put customer information at risk. Learn how this attack ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.