When Your Company Remote-Wipes Your Personal Phone

kdawson posted more than 3 years ago | from the unfair-exchange dept.

Iphone 446

Xenographic writes "NPR has a story about someone whose personal iPhone got remotely wiped by their employer. It was actually a mistake, but it was something of a surprise because they didn't believe they had given their employer any kind of access to do that. This may already be very familiar to Microsoft Exchange admins, but the problem was her iPhone's integration with MS Exchange automatically gives the server admin access to do remote wipes. All you have to do is configure the phone to receive email from an MS Exchange server and the server admin can wipe your phone at will. The phone wasn't bricked, even though absolutely all of its data was wiped, because the data could be restored from backup, assuming that someone had remembered to make one. But this also works on other devices like iPads, Blackberry phones, and other smartphones that integrate with MS Exchange. So if you read your work email on your personal phone or tablet, you might want to make sure that you keep backups, just in case."

446 comments

One More Reason... (-1, Troll)

cdoggyd (1118901) | more than 3 years ago | (#34324382)

...to hate the Micro$oft.

Re:One More Reason... (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#34324438)

That reminds me. Everyone knows the cleaning product Spic-n-Span. Anybody else think that's a little racist? No one seems to complain even though "spic" is a well known racial slur against Hispanic people.

I mean, let's give it some perspective here. If there was a cleaning product called Nigger-n-Span I get the feeling there would be protests. We cannot have a truly colorblind society where everybody is equal if one group is defended more than another group.

Re:One More Reason... (5, Insightful)

dasdrewid (653176) | more than 3 years ago | (#34324796)

http://en.wiktionary.org/wiki/spick-and-span

Also, from the wikipedia article on the product, someone did try boycotting it in 1999 (http://en.wikipedia.org/wiki/Spic_and_Span). I think that's stupid. "Spick and Span" was first recorded in the 16th century. "Spic" has only existed since early 1900s, wasn't documented until 1910, and even then was documented as "spiggoty" as a slur against Italians. I'd say it's pretty safe to say that when "Spic and Span" was created (1933 in Ohio), "spic" being a slur wasn't even on the radar for them.

I think the situation is similar to the word "niggardly" (http://en.wikipedia.org/wiki/Controversies_about_the_word_%22niggardly%22). People see something that, without any context (context like the spelling of the word or idiom...), could be conceived as racist. People take offense at something because of their own ignorance.

The problem is, you're not being color-blind. You're seeing color issues where there aren't any. You're trying to get people riled up at racism that isn't even there. You're not helping to stop racism, but you are helping to chill language and communication and encourage ignorance. You have, by trying to be on the right side of something, wound up on the wrong side of everything.

And there goes my karma...

Re:One More Reason... (0, Flamebait)

Anonymous Coward | more than 3 years ago | (#34324562)

You're either a troll, an idiot, or both. Apple didn't have to allow the wipe functionality, or could have made it configurable. It's your boyfriend Steve Jobs who you should be mad at.

Re:One More Reason... (0, Troll)

AHuxley (892839) | more than 3 years ago | (#34324648)

MS infects your Apple phone like a Sony rootkit and allows an employer to remotely wipe data like 1984 on an Amazon Kindle.
Welcome to your new Pink phone designed in California.

Re:One More Reason... (2, Insightful)

bhcompy (1877290) | more than 3 years ago | (#34324758)

By giving a corporation control over corporate property(virtual property in this case, but established property as far as the law is concerned)?

I think you'll need to hate pretty much every company in the world.

Re:One More Reason... (1)

somersault (912633) | more than 3 years ago | (#34324916)

You'd really rather a thief had easy access to your email and other personal info?

Having said that - when my last phone got stolen, they took the SIM out pretty much immediately anyway, which would stop any wiping from taking place until further connection to the net, or never if they disabled the Exchange account. They could then browse anything if they wanted. We had the IMEI blacklisted so the phone was basically useless. Hopefully the thief didn't manage to sell it.

Needless to say I now make sure to use a code to even allow unlocking of the phone (a swype-code on Android, so it's not a pain in the ass).

Re:One More Reason... (0)

Anonymous Coward | more than 3 years ago | (#34325060)

Needless to say I now make sure to use a code to even allow unlocking of the phone (a swype-code on Android, so it's not a pain in the ass).

Exchange Server is set by default to force a passcode to be set and locking enabled when you add an Exchange account to an iPhone, if the passcode lock feature is not already enabled on that phone.

As I understand it that is a feature of ActiveSync, though I've never seen it enforced on my crappy, company-issued WinMo 6 phone... just my personal iPhone when I tested Exchange functionality on it once (via the same server).

hahahaha Becks (0)

Anonymous Coward | more than 3 years ago | (#34324384)

told ya they could do it!

Hmmmmmm (0)

Anonymous Coward | more than 3 years ago | (#34324396)

Is this meaning that the Mails were deleted on the server?

Re:Hmmmmmm (0)

Anonymous Coward | more than 3 years ago | (#34324474)

Is this meaning that the Mails were deleted on the server?

No, it means that all the data was wiped from the phone, just like the summary and article say.

Re:Hmmmmmm (4, Insightful)

causality (777677) | more than 3 years ago | (#34324538)

Is this meaning that the Mails were deleted on the server?

No, that wouldn't wipe a phone or raise questions about it being bricked if not for backups. Did you even read the summary?

This is more like the inverse or the equal-and-opposite of (previous?) MS e-mail clients that would automatically execute code from unknown sources as a "feature". Instead of an MS e-mail client it's an MS e-mail server, and instead of downloading and executing code automatically without asking the user to confirm it wipes the phone automatically without asking the user to confirm.

The solution is a simple one. If a company requires you to use a phone for business purposes that will be sending/receiving business e-mails and subject to remote wiping by that company, then that company needs to issue phones to their employees that may not be used for non-business purposes. Then there wouldn't be any problems with a company wiping a phone that is actually company property.

Re:Hmmmmmm (0, Interesting)

Anonymous Coward | more than 3 years ago | (#34324630)

The solution is a simple one. If a company requires you to use a phone for business purposes that will be sending/receiving business e-mails and subject to remote wiping by that company, then that company needs to issue phones to their employees that may not be used for non-business purposes. Then there wouldn't be any problems with a company wiping a phone that is actually company property.

That was probably their policy and they gave everyone a free Black Berry. Then a few Apple "Fanatics" started whining they wanted to use their UBER sweet iPhones and the company is being racist against their phones if they don't let them use it.

The company gives in after all the whining but the policy regarding a phone being used with their exchange server never changes. And so the policy stands that they can wipe any phone that had connected to their server.

Re:Hmmmmmm (1)

farnsworth (558449) | more than 3 years ago | (#34324904)

That was probably their policy and they gave everyone a free Black Berry. Then a few Apple "Fanatics" started whining they wanted to use their UBER sweet iPhones and the company is being racist against their phones if they don't let them use it.

Or, since I already have a device capable of accessing the company exchange server, I consider it a waste and a burden to carry around another device. This is what I do. While I am not happy about the possibility of a remote wipe, on balance it is worth it to not lug another device/charger/etc. To mitigate the small possibility of a remote wipe, I perform backups. I can't think of a single piece of data on my phone that I couldn't live without, so the backups are really just a convenience so that I don't have to reassemble everything (music, photos, contacts, etc). If I lose a day's worth of new data, who cares? It would only be notes or phone numbers or texts. None of that is critical, and if it was, I would immediately copy it off the phone by emailing it to myself or similar. Hell, I would do this even if no one could remotely wipe my phone, because there is always the possibility that I would lose the thing or accidentally destroy it.

Re:Hmmmmmm (1)

Jah-Wren Ryel (80510) | more than 3 years ago | (#34324764)

The solution is a simple one. If a company requires you to use a phone for business purposes that will be sending/receiving business e-mails and subject to remote wiping by that company, then that company needs to issue phones to their employees that may not be used for non-business purposes.

Why require they be used strictly for business? If the user is willing to take the risk of losing it all, then let them. One less low-value rule to worry about enforcing.

we have the same policy at work (5, Informative)

queen of everything (695105) | more than 3 years ago | (#34324410)

We have the same policy and will only allow smart phones to connect to exchange when they have the remote wipe capability. It's to protect the company's interests should a phone be lost or stolen. When the users sign up for ActiveSync they have to "read" the terms and conditions where it states that it may be remotely wiped. I don't think most people read it but when you think about the type of proprietary (and often confidential) data your email inbox has, you have to understand why the company does it.

Re:we have the same policy at work (1)

pantheonwhaley (1933610) | more than 3 years ago | (#34324476)

Various phones have various types of data wiped in exchange, but if they can wipe anything remotely they say "wipe". Your users should probably check exactly what could be wiped, too.

Re:we have the same policy at work (1, Informative)

geekoid (135745) | more than 3 years ago | (#34324500)

Sure, all those emails about yet ANOTHER birthday, whose turn it is to clean the fridge, who burnt the popcorn, meetings to discuss the next meeting. Jokes, bus passes.

Yeah, losing it would just ruin a company~

Re:we have the same policy at work (5, Insightful)

amicusNYCL (1538833) | more than 3 years ago | (#34324628)

I don't think most people read it but when you think about the type of proprietary (and often confidential) data your email inbox has, you have to understand why the company does it.

That's a perfectly acceptable policy for any company that provides smart phones to its employees. I don't know if it's true with your company, but I would consider that an overreach if you want me to connect my personal phone with your network and give you the ability to delete all of my pictures and other personal data solely at your discretion. I'm sure you would understand why the owner would find that objectionable.

Re:we have the same policy at work (3, Insightful)

Capt.DrumkenBum (1173011) | more than 3 years ago | (#34324798)

I have the same thing here. I always inform staff that I can and will wipe their phones. At their request, and that they should inform me at once if they lose or have their phone stolen.
My personal iphone is connected to a gmail account that I forward a copy of all my work email.
That way I get work email, but it is still my account.

Re:we have the same policy at work (5, Insightful)

IshmaelDS (981095) | more than 3 years ago | (#34324982)

That's a massive security breach, one I wouldn't allow on my network. You may want to check your corporate policies and make sure you're still in line or you could be fired.

Re:we have the same policy at work (0)

Anonymous Coward | more than 3 years ago | (#34324990)

My personal iphone is connected to a gmail account that I forward a copy of all my work email.[...] but it is still my account

That's what you think (and what they want you to think). I bet you see nothing wrong there.

Re:we have the same policy at work (1)

jc42 (318812) | more than 3 years ago | (#34325002)

My personal iphone is connected to a gmail account that I forward a copy of all my work email.
That way I get work email, but it is still my account.

So you and your boss aren't worried that google's staff has full access to your company email?

I wonder if your boss actually knows this ...

Re:we have the same policy at work (0)

Anonymous Coward | more than 3 years ago | (#34325020)

So, basically, you salve your conscience about doing the patently wrong thing of knowingly destroying someone else's data in the name of security by telling people before hand that you might do it, and at the same time, you're the source of probably the largest security hole in the entire system by pushing all your work out into a 3rd party system?

Re:we have the same policy at work (3, Insightful)

Dynedain (141758) | more than 3 years ago | (#34324800)

Then don't connect your personal phone to the company network.

It's that simple. It's the company's data, not your personal data, and they have measures in place to protect it. If you don't want to abide by those measures, you don't have to.

At least in the US, if you're required to provide equipment required by your job, and your employer doesn't pay for it, then you can write it off against your personal tax burden. So if you find yourself in that rare situation where work requires you have a smartphone, and won't pay for it, get one separate from your private phone and save on your taxes at the end of the year.

Re:we have the same policy at work (5, Insightful)

Anonymous Cowpat (788193) | more than 3 years ago | (#34324660)

What do you do to protect your employees' interests in not having their own data annihilated by accident?

Also, are you expecting employees to take work with them, using their own devices; or is the company willing to bear the costs of either providing a device or the work not being done?

It would seem most unusual to me for an employer to require their employees to provide expensive equipment for company use, and with the agreement that the company may treat it as its own.

Re:we have the same policy at work (0)

Anonymous Coward | more than 3 years ago | (#34324822)

but... but, but it's the Company! We all worship the company, don't we?! They fill our fridge! Won't Someone Think Of The Company?

Re:we have the same policy at work (3, Interesting)

steppin_razor_LA (236684) | more than 3 years ago | (#34324838)

My $.02 on policy:

Employees should backup their own data. If they are uncomfortable with the possibility of Employer wiping their personal phone, then they should not connect their personal phone to work email.

  If an Employer *wants* its Employees to be reading their email from cell phones and the Employee doesn't feel like using their own personal property to do so, then the Employer needs to buy the Employee a work owned device or "STFU". If the Employee doesn't want to carry around two devices then they either need to submit to their phone being wiped or "STFU" and carry around both devices.

Re:we have the same policy at work (2, Insightful)

tlhIngan (30335) | more than 3 years ago | (#34324878)

What do you do to protect your employees' interests in not having their own data annihilated by accident?

Also, are you expecting employees to take work with them, using their own devices; or is the company willing to bear the costs of either providing a device or the work not being done?

It would seem most unusual to me for an employer to require their employees to provide expensive equipment for company use, and with the agreement that the company may treat it as its own.

Simple - don't give company access to your personal phone.

If the company wants you to have mobile email, they can pay for it themselves - after all, you're just as likely to not have a smartphone as to have one, so if the employer wants you to have one, they can provide it. I don't see why I should pay for a data plan on my phone that my employer can eat into. What - I went with a 100MB plan and you sent me 200MB of email? I'm not paying the extra $500 that usually costs.

The usual reason why personal iPhones and such are being connected to company networks is simple - the employee wishes to have their email (or needs to have it) and doesn't want the company standard blackberry, or to carry two phones, or other reason. Of course, most companies balk at using personal equipment connected to the corporate networks, either. Still, if you have to have email, either take the company hardware and deal with that issue (better) or use your own hardware and deal with remote wipe (worse option). Most people prefer carrying around just their iPhone instead of iPhone+Blackberry, though.

Re:we have the same policy at work (0)

Anonymous Coward | more than 3 years ago | (#34325032)

The problem is that people don't want to use the phone provided to them by the company. We have waaaaaaay too many people here that bitch about having to carry 2 phones or complain that they want an iPhone and not a blackberry.

I basically tell people, sorry no we are not going to set up your personal phone with work email. If they run to Finance or HR, I make damn well sure that they understand the risks. Even with Remote wipe capability there is no guarantee that the device will be wiped, or that the data won't somehow be recovered.

And before you ask, yes I do carry 2 phones. I like to keep my work and personal life separate, especially because you never know when you might get laid off.

Re:we have the same policy at work (0)

Anonymous Coward | more than 3 years ago | (#34324690)

Yup. That needs to be made selective and only destroy company owned data (property) though.

Meanwhile I'm sure it'll be explained to employees & contract workers* as only a safety for loss and theft, and most employees & contract workers will opt-in to have their personal data wiped by the same service. Meaning there won't be much call to get separation made a feature unless there's a couple of ugly court cases.

* ...& clients? Upscale clients in negotiations may well be sent confidential information. This actually opens quite a can of worms about document ownership and _access_rights_ to same on a non-owned system. Are you allowed to break-in to access your own property in the digital world? Can you make network access part of a license agreement on third party systems?

Re:we have the same policy at work (3, Informative)

Monkeedude1212 (1560403) | more than 3 years ago | (#34324732)

We're actually dealing with a bit of backlash from having this policy - on both sides of the issue at the same time!

I'll try to be as vague as possible to cover my butt - but basically someone who deals with Clients for their job was going to be let go. We wiped their phone, as standard policy. Not sure if they copied the data prior to leaving or if another employee helped them out, but they basically took contact information, pricing/quotes, certain client rates, etc etc and took that to help land another job with a competitor.

Being in IT I know that it's going on as basically our "employee lifecycle" has come under review - but I'm not exactly on the legal team so I don't know how exactly it's progressing. But I know basically we pressed charges for selling trade secrets, and they are counter-suing for something along the lines of destruction of personal property for wiping EVERYTHING off of their phone.

I am not aware of any actual "Agreement" to phone wipes besides possibly verbal ones between managers and their employees and/or IT - there isn't a lot of documentation on the subject matter anywhere - however, since starting, any time anyone has asked "Can you get my email sync'd on my phone?" my common response is "Yes, but you will be handing over control of ALL the phone's data to the company so we can wipe it should you be terminated or leave the company, which includes all your personal phone numbers and appointments". I say it not only to actually warn people of the danger - but it's actually a great deterrent and a lot of people reconsider and don't want it anymore, less work for me!

Re:we have the same policy at work (2, Funny)

amicusNYCL (1538833) | more than 3 years ago | (#34324802)

From TFA:

Someone in the IT department had sent out what's called a "remote wipe," a kind of auto-destruct command that's delivered by e-mail.

I'm really, really looking forward to the first story we get of an admin accidentally sending the message to a contact list, such as the entire company, and wiping everyone's data from the CEO down. Future computer science students will learn about the lessons of the Therac-25, the Ariane-5 rocket, and the Exchange/smart phone integration that brought a fortune-500 company to a standstill for a week.

*shrug* (1, Insightful)

Anonymous Coward | more than 3 years ago | (#34324744)

You can only remote wipe something which connects to the internet and is not in offline mode. Even all the best iPhone, iPad, PDA will not remote wipe if it does not get the remote wipe command. Which would not happen if somebody is motivated enough to cleverly remove any connection capability before going through the mailbox in offline mode. And somebody stealing it and not sophisticated enough to know that would not even care about the data, almost certainly. So it is really a useless feature.

Re:we have the same policy at work (1)

steppin_razor_LA (236684) | more than 3 years ago | (#34324792)

Ditto.

If someone wants to connect their personal device to our servers and store corporate data on it, then they must submit to their phone being remote wiped. There have been a few people who have had issue w/ this (i.e. mostly around terminations), but the alternatives (i.e. loss of sensitive data, risk to customers, etc) far exceeds the risk that someone might lose some photos they didn't backup.

Re:we have the same policy at work (2, Interesting)

Hatta (162192) | more than 3 years ago | (#34324900)

We have the same policy and will only allow smart phones to connect to exchange when they have the remote wipe capability. It's to protect the company's interests should a phone be lost or stolen.

Do you have the same policy for PCs?

Re:we have the same policy at work (5, Insightful)

houghi (78078) | more than 3 years ago | (#34324980)

I only give my personal phone to selected people in my company. That would be my boss and with the explicit notice that it is a private number and should only be used in case of emergencies.

If they want me to have a device to connect to their system, they should provide me with one. Just like I expect them to provide a desk and a chair to sit on. Then it is theirs and they can do with it as they please and at the end of employment, they will get it back.

Their device, their rules. My device, my rules.

Backups? (1)

Joehonkie (665142) | more than 3 years ago | (#34324418)

If you keep a ton of data you need on your phone, or anything, you should probably keep backups. There's plenty of ways to have your device wiped out or destroyed.

Bad photoshop? (3, Informative)

bigredradio (631970) | more than 3 years ago | (#34324420)

Is it just me or does the iphone in the picture of the article look really small? Or the person has really large hands?

Re:Bad photoshop? (0, Troll)

cappp (1822388) | more than 3 years ago | (#34324496)

You know what they say about guys with huge hands....makes their dicks look really small in comparison. I guess the same goes for iphones.

- Your sausage-fingered friend

Re:Bad photoshop? (0)

Anonymous Coward | more than 3 years ago | (#34324560)

Remotely wiping your ass?

There's an app for that.

Re:Bad photoshop? (0)

Anonymous Coward | more than 3 years ago | (#34324580)

Is it just me or does the iphone in the picture of the article look really small? Or the person has really large hands?

It's photoshopped. The person's hands aren't white, so there is no way they are holding an iAnything. Just trollkidding. Kinda funny?

Re:Bad photoshop? (1)

theripper (123078) | more than 3 years ago | (#34324914)

I just checked the size of my iPhone versus my hand, the photo has the right ratio.

I feel sorry for your girlfriend/wife.

Provisioning support... (1)

Microlith (54737) | more than 3 years ago | (#34324440)

Sure, any phone or client that supports Exchange Provisioning will allow the server administrator to do it.

Incidentally, I lost access completely to my work's Exchange server after they enabled provisioning, as did everyone using Android. All the iPhone users have access still, and they're all open to being wiped once someone flips the switch.

Re: Going to post as top level comment... but... (4, Informative)

colinnwn (677715) | more than 3 years ago | (#34324626)

Unless your company specifically forbids it, I'd use TouchDown for Android. I've set it up for my mom and it seemed to work ok. I couldn't get her tasks to sync, but I'm sure I could have figured it out with some more effort. The email came down fine. It isn't quite as chic as having everything integrated into the native apps on your phone, but the interface seemed serviceable enough, and it keeps more of a firewall between your work and personal life.

Many companies don't specifically check the client string. If they do, and you really want to, you can masquerade as an iPhone. It supports Exchange remote wipe (but only for the TouchDown data store), all your personal data on the phone will be unaffected. I have Prey on my phone to wipe my personal data in case it gets stolen.

Re: Going to post as top level comment... but... (1)

Microlith (54737) | more than 3 years ago | (#34325026)

I'll forward the TouchDown recommendation on to my co-workers that are using Android, however most of them are beta-testing software in development here (system level stuff) so they tend to get their devices reset frequently. I use an N900, so there's no real options for me short of my employer buying me a device, or reverse engineering the ActiveSync protocol such that I can lie and claim I support provisioning when I don't.

Gosh. What a surprise. (1, Insightful)

growse (928427) | more than 3 years ago | (#34324456)

Company asserts remote-wipe control over devices that access company systems and data. News at 11.

Re:Gosh. What a surprise. (1)

amicusNYCL (1538833) | more than 3 years ago | (#34324912)

You think this goes on all the time, huh? Do you have a laptop? Can you use your laptop to connect via VPN or wifi (or even wired) to your company's network? Does your company have the ability to delete all data on your laptop's hard drive remotely?

Re:Gosh. What a surprise. (0)

Anonymous Coward | more than 3 years ago | (#34324992)

> Company asserts remote-wipe control over devices that access company systems and data. News at 11.

Well, this was a *personal* phone and all you have to do is set it up to read email from MS Exchange. I think it's fair to think that that could be surprising to many people. While many businesses do make this clear, and there are legitimate reasons to do this, people should be clear on what they're signing up for. And in the case of personal devices, offered some assistance in backing up their personal stuff.

Nonsense (4, Interesting)

Anonymous Coward | more than 3 years ago | (#34324462)

Wiping someone's personal data is a felony. I think it likely that the employer would prosecute if the tables were turned. Hacking tools are illegal in some jurisdictions, I think anything providing this level of unauthorised access would be illegal under German law. Guess they don't use Exchange there?

Re:Nonsense (1)

tsj5j (1159013) | more than 3 years ago | (#34324618)

Would you prefer to be sued over loss of company data/secrets/etc in the event that you lose your phone?

I would say that this is perfectly reasonable provided they let you know in advance.
They aren't reading your personal data, they are simply given the ability to delete it when you are no longer an employee, or you lose your phone.

It's also good to note that iTunes automatically backs up your phone/pad/touch device.
So that actually covers the "keep a backup" part of the argument.

Re:Nonsense (1)

causality (777677) | more than 3 years ago | (#34324668)

Would you prefer to be sued over loss of company data/secrets/etc in the event that you lose your phone?

If I ran a company and were truly worried about this, I'd have all sensitive data stored on a secure server that can be accessed remotely. Of course some care would need to go into how this is implemented but it can certainly be done.

It's amazing how infrequently you feel a need to litigate when you put a little thought into things.

Re:Nonsense (1)

Tordre (1447083) | more than 3 years ago | (#34324886)

Would you prefer to be sued over loss of company data/secrets/etc in the event that you lose your phone?

If I ran a company and were truly worried about this, I'd have all sensitive data stored on a secure server that can be accessed remotely. Of course some care would need to go into how this is implemented but it can certainly be done.

Your comment says little; essentially Exchange is your secure server, e-mails are your sensitive data and the iPhone is your remote device. You cannot control what the remote device logs into its own memory so its loss will have confidential data that your server cannot protect.

Aside from the remote wipe system how else do you propose one secure the data on remote devices that your vague system allows?

High and low levels of the "rule of law" (1)

davecb (6526) | more than 3 years ago | (#34324808)

She was in the 'States, which tends to ignore minor crimes and expect the victim to sue/shoot the culprit (;-))

You're better off in Germany, and the Americans are better off than some of the third world, where our American cousins and we send volunteers to teach the concept of the rule of Law, as in http://www.lawyerswithoutborders.org/Pages/Default.aspx

--dave

Re:Nonsense (1)

jblakely (1312879) | more than 3 years ago | (#34324866)

I typically don't feel the need to flame, but wow: I don't know about the icrap devices, but in the MS phone world, you're actually forced to accept the terms of ActiveSync in order to set up sync. And at any rate, there is no way that a simple security feature would be construed as "hacking". Would German law also object to the BlackBerry, 10 wrong passwords and the device wipes? *disclaimer, I'm a Windows and Exchange admin*

um..... (0)

Anonymous Coward | more than 3 years ago | (#34324484)

She held it wrong?

Common knowledge for admins (1)

Jazz-Masta (240659) | more than 3 years ago | (#34324492)

This is common knowledge for most System Administrators (or should be).

With Blackberry, you can remote wipe, or just lock the device and change the password. The iPhone can be wiped.

By default, whenever you connect your iPhone to your computer it does a backup/sync. Blackberry does not.

Most companies I know first lock the device with a new password, and give the user a chance to bring the phone in (or a # of days before it is remote wiped).

If a company is unwilling to provide you with a phone for work, then you should not have your work email on it. If there is some form of bill reimbursement, there should also be clear terms as to who owns the device, and what can be done to it in the event of quitting/firing.

Employees should be made aware of what is possible, including the ability to remote backup user data (so they know not to store questionable content on the phone).

Re:Common knowledge for admins (1)

Wyatt Earp (1029) | more than 3 years ago | (#34324704)

"By default, whenever you connect your iPhone to your computer it does a backup/sync. Blackberry does not."

It does not backup/sync everything, it is set to open iTunes and gives you the option to sync/backup but the default setting is not a complete backup/sync.

If you have photos it will also open iPhoto or Aperture and give you the option to backup, but it doesn't do the backup automatically.

http://support.apple.com/kb/ht1386 [apple.com]

Re:Common knowledge for admins (0)

Anonymous Coward | more than 3 years ago | (#34325096)

>> By default, whenever you connect your iPhone to your computer it does a backup/sync. Blackberry does not.

This is why no iphone user has any merit in anything he/she says - especially technically.

Thank MS (0)

Anonymous Coward | more than 3 years ago | (#34324498)

You are of course aware that MS is no longer licensing Exchange to smartphone manufacturers unless they allow administrative remote wiping...right?

Lesson learned (0)

commodore64_love (1445365) | more than 3 years ago | (#34324508)

Don't integrate as it gives power to strangers to wipe your gadgets (or possibly even read them).

Kinda similar to how back in the 80s a friend asked my password, and he decided to "teach" me a lesson by entering my BBS account and changing it. I thought I could trust a 10-year-long friend but after that event, I demoted all my friends to strangers and don't give them squat. "Trust No One"

"apology is policy"

Security Admins love stupid user tricks (0)

Anonymous Coward | more than 3 years ago | (#34324514)

Guess what, they can read your email too.

No brainer (1)

shoehornjob (1632387) | more than 3 years ago | (#34324518)

You'd be crazy to use your own phone for work related email or any other tasks. Work and business don't mix and this is a perfect example of that.

Cha-ching! (1)

Citizen of Earth (569446) | more than 3 years ago | (#34324520)

Tell them to pay you $10,000 for your troubles or you will be suing them and pressing criminal charges for hacking your phone.

Re:Cha-ching! (1)

amicusNYCL (1538833) | more than 3 years ago | (#34324688)

I'm assuming the response will be a curt letter informing you to read the agreement that you already agreed to, with said agreement attached, including an invoice for the lawyer's time to draft the letter and send it. Thanks for your business.

What, you mean you didn't read the EULA? Whose fault is that? Is that the company's fault?

Re:Cha-ching! (1)

swanzilla (1458281) | more than 3 years ago | (#34324728)

> Tell them to pay you $10,000 for your troubles or you will be suing them and pressing criminal charges for hacking your phone.

Great idea. Unless of course the company has a legal department, or access to an attorney. There is a reason you have to sign a contract, agreeing to the terms/policies of your employer.

N900 FTW. (0)

Anonymous Coward | more than 3 years ago | (#34324536)

You actually get to own it after purchase.

Re:N900 FTW. (0)

Anonymous Coward | more than 3 years ago | (#34324754)

Is it definitely the case that the N900 has no remote wipe (or similar) features?

I have an N900 and that was the first thing I thought of when I saw this article.

I've been that Exchange Administrator before... (1)

hawks5999 (588198) | more than 3 years ago | (#34324546)

...and despite communicating the company policy regarding separation and removal of company data from devices, I've still had to hear the distraught cries from people who lost pictures of their kids, personal emails, etc. It seems excessive that Exchange Remote Wipe destroys data across the whole device (eg Pictures, Notes, other email accounts). I don't know if that is something Microsoft or Apple has to fix but it needs a fix. I'm happy to not be in that role now.

Re:I've been that Exchange Administrator before... (1)

hedwards (940851) | more than 3 years ago | (#34324710)

I think the problem is that the company property isn't restricted to access by approved utilities. As much as I hate the TPM chip it does have its place and in situations like this it's a reasonable way of handling it.

However, the general picture of it is that companies shouldn't allow employees to use their own devices on the company network, it really muddies the line as to what the employer does and does not own in a way that can lead to problems for everybody involved.

The surprise is in the scope (5, Insightful)

RollingThunder (88952) | more than 3 years ago | (#34324548)

I don't think most folks are shocked at the remote wipe capability - they just expected that it would be confined to the Exchange data only, not the MP3s, games, photos, etc.

Re:The surprise is in the scope (1)

fermion (181285) | more than 3 years ago | (#34325042)

Which is what I was surprised about. If I connect to company email, then the company has the right to wipe the email.

Sure, a person may have company documents on the phone, and therefore it is safest for the entire phone to be wiped, but one thing mentioned in the program was that the reason they do it is not only to protect against theft, but also against employee misconduct. A remote wipe does not protect against insider misconduct. As long as the phone is backed up, the contents can be restored and secrets exposed.

In fact, if the phone is backed up, it can potentially be restored to an unfriendly device and company secrets exposed that way.

This was a mistake, but it does show a weakness in the megacorporate world. No one can trust the employees, so extreme measures must be taken. Likewise, no one can trust the faceless employers, hiding behind impersonal draconian waivers. There is no incentive to do a better job if one is just going to have resources taken away, then the people responsible say they are not responsible because of some piece of paper. There is no reason for an employee to introduce efficiencies if old patterns are going to kill the efficiencies.

If you don't want this happening... (4, Informative)

rennerik (1256370) | more than 3 years ago | (#34324596)

... use IMAP. Connecting to Exchange via IMAP doesn't enable remote wipe, but still allows you to access your mail and get access to the GAL.

But honestly, if you're needing access to a company's Exchange server, there's no reason why the company can't enforce a security policy, like a PIN or password on your phone, or remote wipe capabilities. There may be sensitive data in your emails or in your contact list, that should not be accessed on a device which has no protection (or even weak protection like a PIN). It's in the best interest of the organization to be able to remotely-wipe a device connected to their Exchange server.

That being said, if you don't want to give the company access to do that to your phone, then don't connect to Exchange. If IMAP isn't enabled, then you have to take the tradeoff.

Turning the tables (0)

Anonymous Coward | more than 3 years ago | (#34324832)

> But honestly, if you're needing access to a company's Exchange server, there's no reason why the company can't enforce a security policy, like a PIN or password on your phone, or remote wipe capabilities. There may be sensitive data in your emails or in your contact list, that should not be accessed on a device which has no protection (or even weak protection like a PIN). It's in the best interest of the organization to be able to remotely-wipe a device connected to their Exchange server.

But honestly, if the company needs access to your phone, there's no reason why you can't enforce a security policy, like ... remote wipe capabilities. There may be private data in your phone or in your contact list, that should not be accessed by the company... It's in your best interest to be able to remotely-wipe a company connecting to your phone.

Just because you access company mail with your phone does not mean that the company should be allowed to wipe your phone - or that you should be allowed to wipe the company server...

Re:If you don't want this happening... (1)

steppin_razor_LA (236684) | more than 3 years ago | (#34324858)

And that is why server admins shouldn't (and typically do not) enable IMAP. :)

Re:If you don't want this happening... (1)

amicusNYCL (1538833) | more than 3 years ago | (#34324998)

So that's why I met so much resistance when I was setting up a script to automatically check and process mail over IMAP. I thought it was still a standard default thing, but the server admin, who can design and set up entire Exchange systems, virtual servers, entire VPN infrastructures, etc, seemed confused when I asked him to enable and test IMAP.

Is there some major flaw in IMAP, or has Microsoft simply already embraced and extended it, and now they're moving on with phase 3?

Re:If you don't want this happening... (0)

Anonymous Coward | more than 3 years ago | (#34324920)

Or better yet run z-push http://z-push.sourceforge.net/soswp/ on your own server and allow z-push to get your corporate email via IMAP. The phone connects to z-push over the active sync protocol so it's like you are connected to Exchange, yet you are insulated from these nefarious deletion tricks.

Re:If you don't want this happening... (1)

Balthisar (649688) | more than 3 years ago | (#34324956)

My company still runs old Exchange servers (hell, we still run XP and until last month, IE6). We *do* have an official iPhone app for accessing the Exchange servers, though. Wow, does it *suck*! Luckily we have a lot of Unix boxes that need email access, so IMAP is enabled. When on the company WIFI, IMAP is good enough. When off the company WIFI, SecureID is just an extra step.

Keep (1, Interesting)

Anonymous Coward | more than 3 years ago | (#34324636)

Keep personal items and work items separate. CRAZY I KNOW.

Our university is even worse... (4, Interesting)

Rhywden (1940872) | more than 3 years ago | (#34324644)

... they're using an Exchange-Server for all the students' email. Fun parts include: You're only able to install a Forwarding rule if you use the Internet Explorer (otherwise the button for rules is simply not there - something their FAQ omits.) SMTP does not work at all for some strange reason.

I finally tried to configure my Android phone to use the Exchange account as an additional email account. That worked. However, whenever the screen went black to conserve power, I had to reenter my Exchange password to unlock the phone! With a nontrivial password containing special characters, numbers, small and big letters at a length of 10 characters, this became a serious pain in the ass. Normally, to unlock the phone I just have to swipe the on-screen button from right to left. Needless to say, I quickly removed the Exchange account. And it was only a month later that I actually got an answer from them regarding my problems.

So, if our university of incompetent morons' Exchange server means that they could erase my data, I won't touch their offering with a ten-foot pole.

Fun fact: They're "offering" a user administration tool for all the dorms' routers based on PHP. This little "tool" does an include of remote PHP files based on the unsanitized GET request data. As a plus, this tool has to be run as root. Which means that any disgruntled dorm administrator could do a pretty powerful attack on nearly the whole dorm network infrastructure.

Re:Our university is even worse... (0)

Anonymous Coward | more than 3 years ago | (#34324988)

> ... they're using an Exchange-Server for all the students' email. Fun parts include: You're only able to install a Forwarding rule if you use the Internet Explorer (otherwise the button for rules is simply not there - something their FAQ omits.) SMTP does not work at all for some strange reason.

> I finally tried to configure my Android phone to use the Exchange account as an additional email account. That worked. However, whenever the screen went black to conserve power, I had to reenter my Exchange password to unlock the phone! With a nontrivial password containing special characters, numbers, small and big letters at a length of 10 characters, this became a serious pain in the ass. Normally, to unlock the phone I just have to swipe the on-screen button from right to left. Needless to say, I quickly removed the Exchange account. And it was only a month later that I actually got an answer from them regarding my problems.

> So, if our university of incompetent morons' Exchange server means that they could erase my data, I won't touch their offering with a ten-foot pole.

> Fun fact: They're "offering" a user administration tool for all the dorms' routers based on PHP. This little "tool" does an include of remote PHP files based on the unsanitized GET request data. As a plus, this tool has to be run as root. Which means that any disgruntled dorm administrator could do a pretty powerful attack on nearly the whole dorm network infrastructure.

Find a different university. ASAP.

Re:Our university is even worse... (2, Funny)

amicusNYCL (1538833) | more than 3 years ago | (#34325018)

> This little "tool" does an include of remote PHP files based on the unsanitized GET request data.

I don't believe that for a second. ..could you provide a URL to back up your claim?

Re:Our university is even worse... (0)

Anonymous Coward | more than 3 years ago | (#34325084)

The being required to use IE to see the full-featured Outlook Web Access is because they're using either Exchange 2003 or 2007. Purely a Microsoft thing that restricts access to features based on browser.

Exchange 2010 allows full use of OWA (with all forwarding options, etc) on any capable browser.

Call me crazy, but... (1)

KublaiKhan (522918) | more than 3 years ago | (#34324654)

...why would you use your own resources to access company resources?

If the company intends for you to be accessible via email remotely, then they can damn well supply you with the means to be accessible via email when out of the office.

Unless you get paid for the use of your own resources (and reimbursed for the cost of obtaining them) then there is no sane reason why you would use them.

So with google sync... (0)

Anonymous Coward | more than 3 years ago | (#34324694)

Google could wipe all the data on iphones configured to sync with gmail, calendar and contacts. Good thing they 'do no evil'! http://www.google.com/support/mobile/bin/answer.py?answer=138740&topic=14252

Data loss != Bricked (1)

wiredlogic (135348) | more than 3 years ago | (#34324702)

It wasn't "not bricked" because the data was restorable from backup. The iPhone was still completely functional after the data wipe hence it was "not bricked" because nothing was done to render it inoperable, even without a backup.

Connecting a personal device to a work network (1)

idontgno (624372) | more than 3 years ago | (#34324708)

was the first mistake.

If your employer wants you to read work email on a mobile device, make them issue one.

Don't run your personal mobile's wireless through the company access points. Use your damn 3g/4g data plan for that.

Seriously. If it's your data, your employer has no business going anywhere near it or the devices that contain it, and you don't let them get that impression by never giving them a sniff of the thing.

Re:Connecting a personal device to a work network (1)

PhunkySchtuff (208108) | more than 3 years ago | (#34324814)

> was the first mistake.

> If your employer wants you to read work email on a mobile device, make them issue one.

> Don't run your personal mobile's wireless through the company access points. Use your damn 3g/4g data plan for that.

> Seriously. If it's your data, your employer has no business going anywhere near it or the devices that contain it, and you don't let them get that impression by never giving them a sniff of the thing.

It doesn't matter how you are accessing your data - whether it's over the corporate WLAN or via 3G - if you have your phone configured as an ActiveSync client, it can be remote wiped from the server. Apple had to include this feature as it's part of the spec for ActiveSync, which they licensed from Microsoft. No amount of accessing data over a corporate (or any) network will give them the access to wipe your phone, unless you have an ActiveSync account configured.

If you don't want your employer to wipe your phone, don't configure your email account as an Exchange ActiveSync account.
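The mechanism described in the comment above, as an added example that is not part of the original thread: in the ActiveSync provisioning protocol (MS-ASPROV) the server answers the client's Provision command either with policy settings or with a RemoteWipe element, which the client carries out and acknowledges. The function names and both sample responses are constructed for illustration, and the samples are shown as decoded XML rather than the WBXML sent on the wire.

```python
import xml.etree.ElementTree as ET

NS = {"p": "Provision:"}  # XML namespace of the MS-ASPROV Provision command

# Constructed sample: policy settings pushed to a device when the account is added.
POLICY_RESPONSE = """<Provision xmlns="Provision:">
  <Status>1</Status>
  <Policies><Policy>
    <PolicyType>MS-EAS-Provisioning-WBXML</PolicyType>
    <Status>1</Status>
    <PolicyKey>1307199584</PolicyKey>
    <Data><EASProvisionDoc>
      <DevicePasswordEnabled>1</DevicePasswordEnabled>
      <AlphanumericDevicePasswordRequired>1</AlphanumericDevicePasswordRequired>
      <MinDevicePasswordLength>10</MinDevicePasswordLength>
      <MaxInactivityTimeDeviceLock>60</MaxInactivityTimeDeviceLock>
    </EASProvisionDoc></Data>
  </Policy></Policies>
</Provision>"""

# Constructed sample: what the same command returns once an admin has requested a wipe.
WIPE_RESPONSE = """<Provision xmlns="Provision:">
  <Status>1</Status>
  <RemoteWipe/>
</Provision>"""


def inspect_provision(xml_text):
    """Return the wipe flag and policy settings carried by a Provision response."""
    root = ET.fromstring(xml_text)
    if root.tag != "{Provision:}Provision":
        raise ValueError("not a Provision response")
    settings = {}
    doc = root.find("p:Policies/p:Policy/p:Data/p:EASProvisionDoc", NS)
    if doc is not None:
        for child in doc:
            name = child.tag.split("}", 1)[-1]  # drop the namespace part of the tag
            settings[name] = (child.text or "").strip()
    return {"remote_wipe": root.find("p:RemoteWipe", NS) is not None,
            "settings": settings}


def user_impact(report):
    """Translate a parsed response into what the phone's owner will notice."""
    s, notes = report["settings"], []
    if report["remote_wipe"]:
        notes.append("server requested a wipe of the whole device")
    if s.get("DevicePasswordEnabled") == "1":
        alnum = s.get("AlphanumericDevicePasswordRequired") == "1"
        kind = "alphanumeric password" if alnum else "password or PIN"
        notes.append(f"{kind} required, minimum length "
                     f"{s.get('MinDevicePasswordLength', 'unset')}")
    if "MaxInactivityTimeDeviceLock" in s:
        notes.append(f"locks after {s['MaxInactivityTimeDeviceLock']} s idle")
    return notes


def build_wipe_ack(success=True):
    """Build the client's acknowledgement: Status 1 = wiped, 2 = wipe failed."""
    root = ET.Element("{Provision:}Provision")
    wipe = ET.SubElement(root, "{Provision:}RemoteWipe")
    ET.SubElement(wipe, "{Provision:}Status").text = "1" if success else "2"
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for sample in (POLICY_RESPONSE, WIPE_RESPONSE):
        print(user_impact(inspect_provision(sample)))
    print(build_wipe_ack())
```

The wipe directive arrives on the same channel that delivers the password and idle-lock policy, so it does not depend on which network the phone is using.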

Re:Connecting a personal device to a work network (1)

steppin_razor_LA (236684) | more than 3 years ago | (#34324868)

Many people would prefer to not carry two devices and would rather submit their personal device to the corporate rules. There is no "cake and eat it too" scenario here -- just informed user decision.

You can disable this on Android (0)

Anonymous Coward | more than 3 years ago | (#34324762)

If you're on Android you can patch this out of the email client:
http://forum.xda-developers.com/archive/index.php/t-729753.html

I did this on my (Droid1) phone and it worked perfectly.... I did test a remote wipe and nothing happened on my phone.

Automatic Backups are standard on iOS devices (1)

PhunkySchtuff (208108) | more than 3 years ago | (#34324786)

> The phone wasn't bricked, even though absolutely all of its data was wiped, because the data could be restored from backup, assuming that someone had remembered to make one.

Simply by plugging your device into iTunes, it automatically makes a backup. This is something you can turn off if you really try, but by default making a backup is a standard part of the sync process with iTunes.

Personal is personal, and business is business... (1)

Local ID10T (790134) | more than 3 years ago | (#34324864)

If you don't want to risk such things happening, don't mix business and personal.

Laptop, VPN, Cell Phone, etc. Keep your life separate from your work. Don't do work on personal equipment, and don't use work equipment for things you want kept private.

If you chose to mix them (for convenience) then understand the risk.

Android too. (1)

taer (31134) | more than 3 years ago | (#34324948)

Shouldn't it be just an option to remote wipe the exchange store? Why force a pin lock on the phone, and remote wipe it? Why not just pin lock the app and remote wipe the email store instead? This applies to Android too. My phone forced me to pick a pin lock because someone in IT checked a box over the weekend. I immediately removed corporate email from the phone.

Duuuuuuhhhhhh.... (0)

Anonymous Coward | more than 3 years ago | (#34324952)

Why would ANYONE allow their personal device to touch the Exchange Server, BES or whatever? If you do that you should know that EVERYTHING you do on said device can and will be viewed by the Exchange/ BES admins.

Re:Duuuuuuhhhhhh.... (1)

0123456 (636235) | more than 3 years ago | (#34325058)

> Why would ANYONE allow their personal device to touch the Exchange Server, BES or whatever?

Because most people don't expect that reading email allows people to remotely wipe their phone?

No different than with Blackberries (1)

nuckfuts (690967) | more than 3 years ago | (#34325108)

Blackberry Enterprise Server and Blackberry Enterprise Server Express have the exact same capability to remotely wipe all data from an employee's Blackberry phone.