I heard that while many people believe they have cleared information from mobile phones with remote wipe, a significant...
amount of information can remain on the device -- especially in the code. Is there any way to truly ensure that all information has been completely removed from an old device?
The only way to be sure all information has been removed from an electronic device is to securely destroy the device. Initiating a factory reset, deleting files or issuing a remote wipe might not have the desired outcome. There are even malware programs that disguise themselves as tools that clean up old files to make the device work better, but instead infect the system with malware.
Enterprises should test proposed methods for securely removing data to ensure they get the results they're looking for. Deleting a file usually still leaves data on the hard drive that may enable it to be recovered with forensic tools (or it might be as easy as looking for it in the recycle bin).
Meanwhile, a factory reset might only reset software back to the factory state, not erase mobile phone data; someone could use the factory reset as part of the troubleshooting process and not delete the person's data.
On the other hand, remote wipes might not work if a SIM card is removed, cellular service is disconnected prior to issuing the remote wipe command, or the device is never connected to a network prior to accessing the data or before performing a reset to factory default to sell.
While remotely wiping a mobile phone might be the only option if a device with unencrypted data is lost or stolen, when an old device is retired through normal processes, an enterprise will have more options to securely erase mobile phone data that's sensitive, such as removing memory cards, or as mentioned earlier, simply destroying the device.
Ask the Expert!
Want to ask Nick Lewis a question about enterprise threats? Submit your question now via email! (All questions are anonymous.)
Learn more about the benefits and limitations of different methods for remote wiping mobile devices.
Dig Deeper on BYOD and mobile device security best practices
Related Q&A from Nick Lewis
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading
Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these ... Continue Reading