Mobile Threat Catalogue

Unauthorized Access via Poor Lifecycle Management


Threat Category: Physical Access


Threat Description: Discarded devices may not be properly erased, potentially exposing the data to anyone that has access to the device after disposal.

Threat Origin

BYOD & Mobile Security 1

Exploit Examples

Who’s Got Your Old Phone’s Data? 2

CVE Examples

Not Applicable

Possible Countermeasures


Use EMM or MDM solutions in combination with devices that successfully enforce data encryption and device lock policies (unlock code set, unlock code strength requirements, auto-locking enabled, and auto-wipe enabled) such that the recovery of data from an improperly retired device becomes highly improbable.

Consider devices containing storage media that successfully implement secure-erase functions such that initiating a device wipe or factory reset is sufficient to render the recovery of any wiped data infeasible.


  1. BYOD & Mobile Security, Information Security Community on LinkedIn, Apr. 2016; [accessed 8/25/2016] 

  2. P. Warren, “Who’s Got Your Old Phone’s Data?”, The Guardian, 23 Sept. 2008; [accessed 8/31/2016]