Android Data Confidentiality Alex Mayer University of Houston Abstract DesDROID Flash Disk Application Employees are increasingly relying on mobile devices to perform daily job functions. Today's mobile devices are what connect the employee back to the office. Confidential company information remains on the mobile devices after they are at the end of their lifecycle. Company’s need to be able to secure confidential data left on mobile devices in order to meet security and business policy objectives. Collection, data cleansing, and disposal of wireless devices. This software service secures corporate data assets and completes the lifecycle of individual communications devices in an environmentally responsible manner, while also providing your organization an opportunity to earn potential cash rebates based on the device type. Mobile Device’s in Corporate Environments •Most, if not all large companies issue mobile devices to their employees •Mobile devices can connect to any and all information systems used by companies 1 •Confidential company information is stored on mobile devices and remains on the devices when they reach the end of their life cycle •When a mobile device malfunctions, it is important to get into the device and backup the confidential data and destroy any and all traces of that data. •The Android operating system is fast replacing RIM and Windows Mobile devices which shows in the 3Q of 2010 to own 25% of the market share Company Symbian Android iOS Research in Motion MS Windows Mobile Linux Other OS Units 24480.10 20500.00 13484.40 11908.30 2247.90 1697.10 1214.80 % 36.6 25.5 16.7 14.8 2.8 2.1 1.5 Summary In order to delete confidential data from the mobile device, I have created a flash disk compilation of Android software, called DesDROID. These apps are needed to destroy system and user data on Android Mobile Operating System 2.1 and 2.2. All the following files will be located on DesDROID disk, and are apps all free to use. • • • • • Mobile devices are increasingly being utilized by business to help ease the gap between work and home. Most enterprises currently use some type of smart device for their employees, consequently the confidentiality of data on these devices needs to be maintained. As mobile devices become more important in daily business processes, it is equally important to ensure information contained on those devices does not get into the wrong hands. Using DesDROID will positively impact your business by ensuring confidential data is not lost or stolen. By taking these necessary steps, your business complies with business standards and reduces unneeded risk. Journals and Articles Root Explorer SPRecovery Terminal Emulator Superuser Androot Android Vulnerable To Data Theft Exploit Google is working to patch a new data-stealing vulnerability that affects all versions of the Android operating system. 5 Step 1 :: Root the DROID Run Androot and follow the directions CIOs See Smart phones As Data Breach Time Bomb Eight out of 10 CIOs think that using smart phones in the workplace increases the business's vulnerability to attack, and rank data breaches as their top related security concern. Yet half of organizations fail to authenticate their employees' mobile devices, among other basic security measures. 6 Global Mobile Device Market Share for 2010 1.B 1.A 1.C **Now the DROID is rooted proceed to step two. Data loss challenges rise Organizations are starting to realize the importance of data protection, but possible routes of data loss have become complicated and numerous, making countermeasures difficult to develop. 7 Step 2 :: Run Superuser Grant Terminal Emulator Root Access Guidelines on Cell Phone and PDA Security 2 Guidelines for Media Sanitization 8 NIST Standards 2.A According to NIST, cell phones and personal digital assistants (PDAs) have become indispensable tools for today's highly mobile workforce. Small and relatively inexpensive, these devices can be used for many functions, including sending and receiving electronic mail, storing documents, delivering presentations, and remotely accessing data. While these devices provide productivity benefits, they also pose new risks to organizations. 2 2.B Step 3 :: Run Console Emulator Type: su (grants root access to Droid OS) Type Reboot Recovery (See blue image above) Step 4 :: SPRecovery (Sir Psychosis Recovery) Choose “wipe data/factory reset” and run it 7 times TEMPLATE DESIGN © 2008 www.PosterPresentations.com 1 http://www.boxuk.com/blog/mobile-the-business-case 2 http://csrc.nist.gov/publications/nistpubs/800-124/SP800-124.pdf 3 http://www.springerlink.com/content/6wncpdr8uwgy7h43/ 5 http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID =228400108 6 http://www.informationweek.com/news/hardware/handheld/showArticle.jhtml?articleID=2 Data Remanence Problem Data remanence is the left over physical data that either has been erased or overwritten. Since mobile devices use flash for data storage, typically files are not overwritten due to the nature of how flash disks operate. There are several methods to retrieve old data from mobile devices, all of which are not easy and require some technical expertise. However, the point being that it is possible to retrieve data from mobile devices even after the data was deleted. 3 References 28300244 7 http://www.itweb.co.za/index.php?option=com_content&view=article&id=37676:data-losschallenges-rise&catid=69&Itemid=58 8 http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf 9 http://windowsphonethoughts.com/news/show/101431/nielsen-reports-on-the-state-of-the- 3 smartphone-market.html