Sammyc53

What's the big deal? This is how it's supposed to work. That's how it works on WinMOb, Goodlink, iPhone, etc.

It's a great feature.

mooshue

Not everyone is just a naive everyday user with no sense of security or how electronics work. There are some of us who are responsible for implementing security measures when you decide to do something stupid so we can keep our companies running.

Remote/mobile wipe is essential as an admin when you work for a company with sensitive info. It is, and rightly so, a feature of exchange as well as blackberry server.
If you go out and loose your phone at a club, and it syncs with your company server, the person that finds it now has access to all of your (company's) info, lets face it, it isn't your info if you are storing it on a company's server, its the company's info and they can do what they wish. You should recall signing a policy on hire regarding such things.

jrstinkfish

If your information is that sensitive, you probably shouldn't let people carry it around on their phones in the first place. Just sayin' ...

ScrapMaker

In what real-world scenario would your phone need to be remotely-wiped, if you didn't lose it?

I suppose if you were fired from a company, and you were using your personal phone, I could see that happening.

I would suggest removing the Exchange account before you get fired

oh, and on another note, don't anger your IT administrators, we can really, really, make your life a living hell, and you probably wouldn't even know it was because of us... that's the best part, muahaha

"MOVE!"

__________________
no 'Thanks'

DKatman

I am not the EAS expert. But I have to say, if you removed that account, you are breaking the connection the Exchange Administrator has to the phone. You should not be able to wipe a device no longer associated with your server.

Dave

ScrapMaker

Correct.

I believe the hypothetical scenario here is this:
1. IT flags your device, because you are fired, or they are 'jerks.'
2. Your phone erases all contents.
3. You enter your Palm username and password, the phone attempts to connect to the Exchange server, and repeats the cycle automatically without your input.

Break the cycle by putting it in Airplane mode possibly, but I have not tried this.

__________________
no 'Thanks'

DKatman

ScrapMaker,

I understand what you are talking about.

I just got distracted and slowed down responding to THIS post. It just looked like I was responding to you because my response was so delayed.


Your scenario is different. But I have had the same issue with a BES. I mean, if I set it to "Kill" as the admin and the phone has been off for three days, do i connect the new blackberry they bought and nullify the kill? Or do i wait for it to set?

With EAS, It is different because you don't supply a password to allow someone to connect. They are enabled are disabled and use their Network info to connect. I think as the admin, you just have to have the responsibility to turn it off when someone tries to reconnect via their backup....or just setting up a new connection. And yes, sometimes the user will have to wait until after the weekend so the Kill can be disabled. And sometimes we have to have that little talk about taking care of your things too and not leaving them in a cab. If there is really a reason to "kill", yes, it might be a little uncomfortable before things get back to normal.

If there is an admin who thinks they are allowed to kill people's devices for sport, chances are they are ready to "retire" from the profession. There are lots of things Admins CAN do. Actually DOING them is much different. As I have said to users, "You either trust me or you fire me. If you don't trust me, you can't afford for me to be able to do the things I can do."

Dave

DKatman

I would say at very worste, you would have to show them the phone to prove it erased. However, I imagine they could see the log that it had in fact erased. From there, they choose "delete" to severe the partnership to their server. They are done and it no longer has any control over the device.

Refusing to do so is just plain silly. It really is funny how often IT is needed to step in for Human Resource issues. There is no way any Admin worth anything is doing anything stupid to put their entire company at serious risk by not letting someone control their own cell phone. Sure, it is becomes a bad weekend, it is maddening. But it wouldn't last long. I would think it would be FAR less than that. I was really thinking a worste case scenario.

Dave

mooshue

owner of my company lost his blackberry, i used kill immediately on bes server, it was successfully wiped. it was left at another competing company's conference room. All they had to do is pick it up, and start reading.

This pre looks to be way easier to swipe data off of than the blackberry is. At least with blackberry you would have to do a few things, install bberry desktop manager, do a backup of the phone, open the backup file and export it with a certain little app, view all data.

DKatman

You are stating his same point, right? He was suggesting how you only need to wipe if a device is lost and you told a story of wiping a lost BlackBerry.

BTW - How is it "easier" to swipe data from a Pre than a BlackBerry, assuming the same security (Both do or don't have passwords)?

Whenever I have attached a Blackberry to a desktop manager, it will ask me for the password to do anything to it.

Whenever I have picked up any device without a password, I can just look at anything I want.

Dave

ScrapMaker

The only scenario where I could see this being annoying would be if you got fired or laid-off.

In that example, they would send the wipe command, then they would remove your account, possibly after waiting for wipe-verification.

The "endless-loop" scenario is highly unlikely, since as soon as your Palm profile tries to load the Exchange account, your credentials will just fail---no wipe will occur.

__________________
no 'Thanks'

ScrapMaker

This makes me want to migrate my contacts/calendar to my family's private Exchange server... but I'm too lazy, and I love how integrated everything is with my job. I just make sure to back up everything on a regular basis, just in case we downsize or something.

__________________
no 'Thanks'

zeravla531

You really have no sense of how the business world (or government world) works. People high up in these businesses and governements use Blackberry's, and by nature of the job, the Blackberry is a tool that they use to transmit and discuss sensitive information about upcoming products, sales, threats, etc.


Imagine the director of the FBI left is Blackberry on a train or in a taxi.

Or the CEO of Honda.

Now you realize how important the remote wipe or kill pill is.

__________________
"Last edited by ChappyEight; 09/24/2009 at 11:51 AM. Reason: To bow to zeravla."

jrstinkfish

Yes, and most of the people who use these phones are not the people you described. I'm just a lowly programmer for a bank. Nothing I receive from Exchange is sensitive in any way, yet they want to lock down my phone as if I'm the CEO.

I've got no problem with the ability to remote wipe a phone though -- just saying sensitive data should not actually reside on the phone if it's a problem. Sure, you can wipe it, but for someone with proper skills, the time between the realization that the phone is gone and the command to wipe is executed, you've probably already been screwed.

mejifair

Question - What happens if I lose my phone and go buy another one from Sprint? Will the remote wipe still do the endless loop on the new phone once I put in my profile password? How does one get legitimately back into the EAS data once the remote wipe command has been switched on? Does the EAS admin have to turn it back off again?

I would think that once a phone swap has been done there would be no way to sign into the stolen Pre again since the profile is associated with the phones ID, correct?

hparsons

Of course there's no warning. Think about the security purposes of what this process is doing. Do you reall think a warning is appropriate?

Dear Thief. This is a warning. All information, including confidential files we don't want you to have access to, as well as customer, client, and employee information on this phone, is about to be erased. This is done over the air, and if you disconnect wireless connections immediately, the wipe will be averted. We trust that you will act appropriately...

hparsons

I'm going to guess that you're not a professional IT person. Believe it or not, it's a relatively small community; and even those that have strong ... personality preferences ... understands how abusing technology hurts everyone. An action like what you're describing would likely follow the IT person for a long time, and could easily be a career-killer.

hparsons

Don't mean to sound like I'm flaming, but that's simply a naive statement. Corporate email, email lists, all of these things are sensitive informatioin. While it may not seem important to you, they are. We're not talking about the obviously sensitive stuff, like say an email that's talking about the upcoming corporate restructuring, but something as simple as the corporate employee information. You might not think a comprehensive list of all of your company's sales force is "confidential", but trust me, a headhunter would love to have it, and your HR department would hate them getting it.

DKatman

I looked at my info in the Mobile admin website for our exchange. I did need to exchange a couple of Pres. I wiped them by hand in the store. I saw all three (including my current) Pre listed in order as having partnerships with the server. It also showed the last date they were connected. Each device ID could be wiped or deleted (removing the partnership) individually. As I was there, I went ahead and removed the partnership, as I should have done a month before. But it would sure seem that the Wipe command would follow that device.

I would think you would be safe.

Dave