Threat Category: Physical Access
ID: PHY-3
Threat Description: Discarded devices may not be properly erased, potentially exposing the data they hold to anyone who has access to the device after disposal.
Threat Origin
BYOD & Mobile Security [1]
Exploit Examples
Who’s Got Your Old Phone’s Data? [2]
CVE Examples
Not Applicable
Possible Countermeasures
Use EMM or MDM solutions in combination with devices that successfully enforce data encryption and device lock policies (unlock code set, unlock code strength requirements, auto-locking enabled, and auto-wipe enabled) such that the recovery of data from an improperly retired device becomes highly improbable.
Consider devices containing storage media that successfully implement secure-erase functions such that initiating a device wipe or factory reset is sufficient to render the recovery of any wiped data infeasible.
References
[1] BYOD & Mobile Security, Information Security Community on LinkedIn, Apr. 2016; http://get.skycure.com/hubfs/Reports/BYOD_and_Mobile_Security_Report_2016.pdf [accessed 8/25/2016]
[2] P. Warren, “Who’s Got Your Old Phone’s Data?”, The Guardian, 23 Sept. 2008; www.theguardian.com/technology/2008/sep/25/news.mobilephones [accessed 8/31/2016]