[ISN] Who has your old phone's data?

From: InfoSec News <alerts_at_private>
Date: Mon, 29 Sep 2008 02:26:13 -0500 (CDT)
http://www.taipeitimes.com/News/feat/archives/2008/09/28/2003424400

[Related: http://www.infosecnews.org/hypermail/0308/8028.html  - WK]

By Pete Warren
THE GUARDIAN, LONDON
Sept 28, 2008

Three years ago, Graham Clements - the European managing director of the 
UK subsidiary of the Japanese packaging multinational Ishida - decided 
to get rid of his BlackBerry and passed it on to his IT department for 
recycling. At the start of this month, that BlackBerry was one of the 
top items on the agenda at the first board meeting that Clements had 
called since his return from holiday - because it, and the data on it, 
had come back to haunt him.

Instead of being recycled, the BlackBerry, like millions of other mobile 
devices every year, had been passed on to a company to be sold. On 
Clements's device were business plans, details of customer 
relationships, information on the structure of the company, details of 
his bank accounts and details about his children.

And Clements isn't alone. It's almost impossible for the average person 
to wipe a mobile phone clean: unlike a PC, which has an open 
architecture, mobile phones are closed books in terms of where data 
resides. "It has taken us over a year to get talks going with Nokia that 
now allows us to wipe their phones," says Jon Godfrey, director of Sims 
Lifecycle Services, which recycles mobiles. "We have to go through a 
different process with each manufacturer. To wipe it, you have to be 
able to access all the memory - and manufacturers don't want you to do 
that for all sorts of commercial reasons."

Yet, in the UK for instance, every six months 63,000 phones and around 
6,000 PDAs are left in cabs in London alone. At the city's Heathrow 
airport, 10 phones are handed in every day; one in four has no security 
and can be turned on by staff. Furthermore, the security of the data on 
those devices is the responsibility of the person who put it on the 
phone. It is not illegal to read it; it is up to you to protect it.

[...]


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/
Received on Mon Sep 29 2008 - 00:26:13 PDT

This archive was generated by hypermail 2.2.0 : Mon Sep 29 2008 - 00:37:44 PDT