in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based data and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based data and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Smartphone Security: Locating Stolen Smart Devices Hit-Or-Miss In Berkeley Police Scandal

How many police officers does it take to find a stolen iPhone that's pinpointing its location?  Apparently, more than ten, if a couple of articles are to be believed, such as one from the theatlantic.com.  It just goes on to prove that a mix of different approaches to security works best, and you've best have a contingency plan in place in case your primary risk-attenuation solution ends up not working.  I mean, there are various ways of achieving smartphone security: why not use them all?

Police Chief's Son Loses Phone from Gym Locker

Ten officers after one measly phone, albeit an oft-desired one.  If you think something's wrong with this picture, it's because it is: the stolen iPhone belonged to the son of the Berkeley Police Chief.  After learning of the phone's disappearance, the chief sent the officers -- who were part of the department's drug task force -- to track it down.

Obviously, the chief is getting a lot of heat for this ill-advised move.  Let's ignore the civics lessons this episode teaches us, though, and concentrate on the technical details. 

The chief's son found that his iPhone was stolen from his "unlocked gym locker."  The device, however, had "Find my iPhone" activated prior to the theft.  "Find my iPhone" is an iOS app provided by Apple (it comes built-in; however, it has to be activated before the device is stolen) that allows one to pinpoint the location of a device, among other things.  The son alerted his father who in turn got police officers to look for the missing device.

The signal showed that the phone was on the move, and perhaps this contributed towards the officers not finding the smartphone.  Officers knocked on doors to see if they could find the phone but ultimately returned empty-handed.

It is being reported by insidebayarea.com that there may exist security reasons for the getting all those detectives searching for the phone as the phone "may have contained personal-information of police department employees."

Oh, Boy, Where to Begin On This One

There are a number of things about this story that jumps at me, some of them own-faceslap inducing.

1. Phone tracking doesn't always work.  There are numerous upon numerous stories and articles of people recovering their phone after activating a smartphone's tracking software.  But, there are also the ones where a phone is tracked but unrecoverable.  Phone tracking, just like any technology is not 100% effective.  A list of potential problems:

    • The phone is turned off, or the SIM card was swapped, so no way to track.
    • The phone is in a building but phone tracking data is two-dimensional.  What are you gonna do, get warrants for 50 apartments?  Good luck with that.
    • GPS and WIFI location is not as accurate as you think they are.  Of the two, GPS is infinitely more precise and accurate.  For civilian applications, GPS precision is 20 meters (66 ft).

2. Unlocked locker.  Really?  A phone (sorry, a mini-computer that masquerades as a voice communications device) was stolen from an unlocked gym locker?  Wow.  What is the world coming to.  Even if you have proper security deployed on your devices, always remember to keep them in secure locations.  It's about minimizing risk.

3. Your kid's phone has police department info on it?  'Nough said.  I mean, what kind of excuse is that for getting a bunch cops to work overtime?  The first rule of data security is to never, ever put sensitive data where it doesn't belong.

Smart phones and tablets can be vectors for data breaches.  You want to prevent those breaches from taking place.  Because there is no silver-bullet that will work all the time, you need to have security in layers, one acting as a backup to the other.  Having a phone tracker is one solution, but also ensure that (a) you keep your devices in secure or safe places (b) never carry more sensitive data than you need to and (c) ensure that encryption is turned on your device and used by setting up a password.

Whatever advice we have on this site for protecting laptops goes double for phones and tablets.


Related Articles and Sites:
http://www.theatlantic.com/technology/archive/2012/05/if-10-berkeley-cops-cant-get-the-chiefs-sons-phone-back-your-vigilante-recovery-wont-work-either/257533/
http://www.insidebayarea.com/top-stories/ci_20675820/berkeley-police-chief-orders-detectives-track-down-sons

 
<Previous Next>

Hospital Disk Encryption: Upper Valley Medical Center Hard Drive Missing

Smartphone Scam: Fake Angry Birds Result in £50,000 Fine

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.