Security News > 2008 > September > Who has your old phone's data?

Who has your old phone's data?
2008-09-29 07:26

http://www.taipeitimes.com/News/feat/archives/2008/09/28/2003424400 [Related: http://www.infosecnews.org/hypermail/0308/8028.html - WK] By Pete Warren THE GUARDIAN, LONDON Sept 28, 2008 Three years ago, Graham Clements - the European managing director of the UK subsidiary of the Japanese packaging multinational Ishida - decided to get rid of his BlackBerry and passed it on to his IT department for recycling. At the start of this month, that BlackBerry was one of the top items on the agenda at the first board meeting that Clements had called since his return from holiday - because it, and the data on it, had come back to haunt him. Instead of being recycled, the BlackBerry, like millions of other mobile devices every year, had been passed on to a company to be sold. On Clements's device were business plans, details of customer relationships, information on the structure of the company, details of his bank accounts and details about his children. And Clements isn't alone. It's almost impossible for the average person to wipe a mobile phone clean: unlike a PC, which has an open architecture, mobile phones are closed books in terms of where data resides. "It has taken us over a year to get talks going with Nokia that now allows us to wipe their phones," says Jon Godfrey, director of Sims Lifecycle Services, which recycles mobiles. "We have to go through a different process with each manufacturer. To wipe it, you have to be able to access all the memory - and manufacturers don't want you to do that for all sorts of commercial reasons." Yet, in the UK for instance, every six months 63,000 phones and around 6,000 PDAs are left in cabs in London alone. At the city's Heathrow airport, 10 phones are handed in every day; one in four has no security and can be turned on by staff. Furthermore, the security of the data on those devices is the responsibility of the person who put it on the phone. It is not illegal to read it; it is up to you to protect it. [...] __________________________________________________ Register now for HITBSecConf2008 - Malaysia! With a new triple-track conference featuring 4 keynote speakers and over 35 international experts, this is the largest network security event in Asia and the Middle East! http://conference.hackinthebox.org/hitbsecconf2008kl/


News URL

http://www.taipeitimes.com/News/feat/archives/2008/09/28/2003424400