[Related: http://www.infosecnews.org/hypermail/0308/8028.html - WK]
By Pete Warren
THE GUARDIAN, LONDON
Sept 28, 2008
Three years ago, Graham Clements - the European managing director of the
UK subsidiary of the Japanese packaging multinational Ishida - decided
to get rid of his BlackBerry and passed it on to his IT department for
recycling. At the start of this month, that BlackBerry was one of the
top items on the agenda at the first board meeting that Clements had
called since his return from holiday - because it, and the data on it,
had come back to haunt him.
Instead of being recycled, the BlackBerry, like millions of other mobile
devices every year, had been passed on to a company to be sold. On
Clements's device were business plans, details of customer
relationships, information on the structure of the company, details of
his bank accounts and details about his children.
And Clements isn't alone. It's almost impossible for the average person
to wipe a mobile phone clean: unlike a PC, which has an open
architecture, mobile phones are closed books in terms of where data
resides. "It has taken us over a year to get talks going with Nokia that
now allows us to wipe their phones," says Jon Godfrey, director of Sims
Lifecycle Services, which recycles mobiles. "We have to go through a
different process with each manufacturer. To wipe it, you have to be
able to access all the memory - and manufacturers don't want you to do
that for all sorts of commercial reasons."
Yet, in the UK for instance, every six months 63,000 phones and around
6,000 PDAs are left in cabs in London alone. At the city's Heathrow
airport, 10 phones are handed in every day; one in four has no security
and can be turned on by staff. Furthermore, the security of the data on
those devices is the responsibility of the person who put it on the
phone. It is not illegal to read it; it is up to you to protect it.
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!