DROID-Recovery

advertisement
Android Data Confidentiality
Alex Mayer
University of Houston
Abstract
DesDROID Flash Disk Application
Employees are increasingly relying on mobile devices to perform daily job
functions. Today's mobile devices are what connect the employee back to
the office. Confidential company information remains on the mobile
devices after they are at the end of their lifecycle. Company’s need to be
able to secure confidential data left on mobile devices in order to meet
security and business policy objectives.
Collection, data cleansing, and disposal of wireless devices. This software
service secures corporate data assets and completes the lifecycle of
individual communications devices in an environmentally responsible
manner, while also providing your organization an opportunity to earn
potential cash rebates based on the device type.
Mobile Device’s in Corporate Environments
•Most, if not all large companies issue mobile devices to their employees
•Mobile devices can connect to any and all information systems used by
companies 1
•Confidential company information is stored on mobile devices and
remains on the devices when they reach the end of their life cycle
•When a mobile device malfunctions, it is important to get into the device
and backup the confidential data and destroy any and all traces of that
data.
•The Android operating system is fast replacing RIM and Windows Mobile
devices which shows in the 3Q of 2010 to own 25% of the market share
Company
Symbian
Android
iOS
Research in Motion
MS Windows Mobile
Linux
Other OS
Units
24480.10
20500.00
13484.40
11908.30
2247.90
1697.10
1214.80
%
36.6
25.5
16.7
14.8
2.8
2.1
1.5
Summary
In order to delete confidential data from the mobile device, I have
created a flash disk compilation of Android software, called DesDROID.
These apps are needed to destroy system and user data on Android
Mobile Operating System 2.1 and 2.2. All the following files will be located
on DesDROID disk, and are apps all free to use.
•
•
•
•
•
Mobile devices are increasingly being utilized by business to help ease the
gap between work and home. Most enterprises currently use some type
of smart device for their employees, consequently the confidentiality of
data on these devices needs to be maintained. As mobile devices become
more important in daily business processes, it is equally important to
ensure information contained on those devices does not get into the
wrong hands. Using DesDROID will positively impact your business by
ensuring confidential data is not lost or stolen. By taking these necessary
steps, your business complies with business standards and reduces
unneeded risk.
Journals and Articles
Root Explorer
SPRecovery
Terminal Emulator
Superuser
Androot
Android Vulnerable To Data Theft Exploit
Google is working to patch a new data-stealing vulnerability that
affects all versions of the Android operating system. 5
Step 1 :: Root the DROID
Run Androot and follow the directions
CIOs See Smart phones As Data Breach Time Bomb
Eight out of 10 CIOs think that using smart phones in the
workplace increases the business's vulnerability to attack, and
rank data breaches as their top related security concern. Yet half
of organizations fail to authenticate their employees' mobile
devices, among other basic security measures. 6
Global Mobile Device Market Share for 2010
1.B
1.A
1.C
**Now the DROID is rooted proceed to step two.
Data loss challenges rise
Organizations are starting to realize the importance
of data protection, but possible routes of data loss have become
complicated and numerous, making countermeasures difficult to
develop. 7
Step 2 :: Run Superuser
Grant Terminal Emulator Root Access
Guidelines on Cell Phone and PDA Security 2
Guidelines for Media Sanitization 8
NIST Standards
2.A
According to NIST, cell phones and personal digital assistants (PDAs) have
become indispensable tools for today's highly mobile workforce. Small
and relatively inexpensive, these devices can be used for many functions,
including sending and receiving electronic mail, storing documents,
delivering presentations, and remotely accessing data. While these
devices provide productivity benefits, they also pose new risks to
organizations. 2
2.B
Step 3 :: Run Console Emulator
Type: su (grants root access to Droid OS)
Type Reboot Recovery (See blue image above)
Step 4 :: SPRecovery (Sir Psychosis Recovery)
Choose “wipe data/factory reset” and run it 7 times
TEMPLATE DESIGN © 2008
www.PosterPresentations.com
1
http://www.boxuk.com/blog/mobile-the-business-case
2
http://csrc.nist.gov/publications/nistpubs/800-124/SP800-124.pdf
3
http://www.springerlink.com/content/6wncpdr8uwgy7h43/
5
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID
=228400108
6 http://www.informationweek.com/news/hardware/handheld/showArticle.jhtml?articleID=2
Data Remanence Problem
Data remanence is the left over physical data that either has been erased
or overwritten. Since mobile devices use flash for data storage, typically
files are not overwritten due to the nature of how flash disks operate.
There are several methods to retrieve old data from mobile devices, all of
which are not easy and require some technical expertise. However, the
point being that it is possible to retrieve data from mobile devices even
after the data was deleted. 3
References
28300244
7
http://www.itweb.co.za/index.php?option=com_content&view=article&id=37676:data-losschallenges-rise&catid=69&Itemid=58
8 http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
9 http://windowsphonethoughts.com/news/show/101431/nielsen-reports-on-the-state-of-the-
3
smartphone-market.html
Download