Ten dangerous claims about smart phone security

Our columnist sees Barack Obama with that BlackBerry and shudders

1 2 3 4 5 Page 4
Page 4 of 5

7. I trust the integrity of data and applications on a smart phone.

On modern desktop and server systems, file systems with journaling, database-like features and integrated backup are common. Not so with mobile devices, where almost all data integrity relies upon some sort of synchronization with a stable fixed server system for backup and management.  

Windows Mobile users can use a variety of synchronization options to ensure that messages and data on the mobile device are consistent with a central Microsoft-based repository such as Exchange, SharePoint or even Groove file-share workspaces. BlackBerry Enterprise users have over-the-air device security options that include data synchronization and backup, and remote shutdown options for lost devices. (A product called SyncBerry provides advanced sync and backup features to SyncML-capable systems, and extends some of the BlackBerry goodness to Symbian users.)

T-Mobile's Sidekick, on the other hand, stores very little data locally because it's constantly synchronizing with the servers at Danger Inc., the manufacturer. If the device is lost, damaged or reset, data can be reloaded on the device by logging in with a name and password. However, this means that data is stored at a service provider with which individuals have a rather one-sided service-level agreement unsuitable for corporate use.

All of this can be protected by setting the device to require a passcode at start-up. If the wrong passcode is entered four times on Sidekick, local data is erased but can be restored by a remote password reset on the management Web site. Security administrators might lament the scarcity of people who use this feature, but it's interesting to note that the young thief who acquired up the now-famous Sidekick II in New York last year was identified and arrested only because she had access to the phone, sent messages and took pictures of herself -- which then synchronized with the legitimate owner's account on the Danger servers.

What about application integrity? OK, you say, you'll just install digitally signed or approved applications. A few months ago, some enterprising pot-stirrers managed to buy a BlackBerry code-signing key from RIM (arguably the most security-oriented of the smart phone vendors) for $100, no questions asked. This is all bad. Users tricked into giving network access to unsigned applications may be opening themselves up to all sorts of spyware, message relay and other malware, but signed applications don't even require consent to suspicious prompts. It's far better to teach astute users about acceptable applications and forbid the rest from installing anything. The choice of installable applications ought to be from a whitelist -- or no list.

8. Information deleted from a smart phone is gone, right?

Most converged devices have relatively small storage capacities, and use variants of the venerable FAT file system. When a file is deleted, the markers for the beginning and end of the data on the storage media are removed so that it is no longer retrievable by normal means (orphaned). However, the actual data remains until it's overwritten. There are no guarantees against orphaned data. In fact, the whole practice of cell phone forensics rests on the availability of orphaned data and logs.

I'm not aware of any smart phone that comes with a secure delete function to remove orphaned file system data. Perhaps, Apple will include the file system wiping option from OS X in its forthcoming iPhone, but it's not present in any of the other major players' offerings. With many smart phones offering basic word processing and spreadsheet applications, residual data from deleted copies becomes even more of an issue.

IT staffers responsible for disposal of outdated smart phones should use tools to ensure that residual data is removed. The simple method is to copy and erase chunks of data onto the device in a manner that fills the flash memory or hard disk, but forensically sound methods are available from various vendors. If the device memory can't be erased, it should be destroyed -- a damaged but repairable smart phone ought not be found in the trash. Those resorting to a hammer are advised to remove the Li-Ion battery first.

1 2 3 4 5 Page 4
Page 4 of 5
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon