The Security Implications of Android OS Remote Wiping Tools
Waire, Robert (2017-08-15)
This article/publication has not been deposited in UTUPub. However, the publication record may contain a link to a copy of the article/publication deposited elsewhere.
University of Turku
Description
Transferred from Doria
Abstract
Internet access through mobile apps has increased the usage of mobile devices such as smartphones and tablets. With the help of the internet, online banking, social media, gaming, emails and public cloud services such as Dropbox are accessible to mobile users anytime and anywhere. Users want to bring personal devices to the workplace to access enterprise apps, work emails and private cloud services. They require speed and flexibility in carrying out their work. This concept is referred to as Bring Your Own Device (BYOD). This convenience of BYOD can compromise private and sensitive data if a device is lost or stolen.
A hacker with access to a lost or stolen device can acquire confidential data. This can be catastrophic to users and organizations, as the data can be used to blackmail a user or be sold in underground markets. Remote wiping attempts to act as a security mechanism by deleting data such as contacts, text messages, email, documents, photos and videos stored on a device. A device that is remotely wiped is reset to factory defaults.
The motivation for this thesis is to evaluate the effectiveness of remote wiping tools in securely deleting data stored in the internal memory of a mobile device. This is demonstrated by remotely wiping data from two devices running the Android operating system using Mobile Device Management (MDM) software. A physical image of the internal memory of the devices is created and analysed, and deleted data is recovered using open source mobile forensic tools.
The thesis also provides an analysis of experimental findings and a discussion of various attack vectors that can be carried out by a hacker in the context of the University of Turku (UTU) as a BYOD environment. An existing method to prevent data leakage, Full Disk Encryption (FDE), is presented. Finally, an overview of different methods for an effective data wipe is proposed.