

Location-based data wiping for Android phones - ubasu
http://idealab.talkingpointsmemo.com/2011/10/paging-james-bond-researchers-develop-system-that-wipes-data-based-on-location.php

======
tlb
Location seems like a great input for a security policy if it's reliable
enough. Companies might want to wipe data if a cellphone enters Gawker Media's
or TechCrunch's office. A useful policy would be to wipe data if it enters a
law enforcement agency. It would help protect one's Fourth Amendment rights in
states that allow all data on a smartphone (including email, text, photos,
call history and contacts) to be searched without probable cause.

------
andreiursan
[http://www.engadget.com/2010/06/18/apple-launches-find-my-
ip...](http://www.engadget.com/2010/06/18/apple-launches-find-my-iphone-app/)
funny that nobody commented that iPhone had this :).

~~~
colonelxc
That is not the same thing as what this article is talking about. Remote wipe
has been available for some time through different methods.

What is being done here is an "enterprise" type integration, that data put on
the phone is kept track of and if the phone leaves a "secure" area, then the
tagged data can be automatically wiped.

This enables some different models for wiping that might be more fluid then
the "nuke it from orbit" option. By tagging specific pieces of data as
sensitive (and performing information flow analysis to track wherever that
data gets propogated to), they can target the wiping to just the sensitive
data. So before you even realize a phone is stolen, it can be securely wiped.

Another interesting use case is to automatically wipe the sensitive data
whenever leaving the workplace, or perhaps some radius around work. That way,
whenever you go on travel (or even just home for the day), the sensitive data
is wiped, but say your contacts, personal email, and other app data could be
retained, leaving it as a perfectly functional smartphone, without any of the
company's data to lose.

Holes in their technique include simple attacks like turning the phone off
(and pulling the SD card), but hopefully the sensitive data is also encrypted
whenever it resides on disk.

~~~
welldonemark
Bypasses for this sort of technique seem too obvious to have escaped the
research team. I could be wrong as it's happened before. The article describes
limiting functionality of the device based on location. Perhaps a few of the
more obvious bypasses could be mitigated this way?

The wording strikes me as backwards, though. The device ought to be largely
disabled outside of the facility, nearly useless. Proximity to certain areas
of the facility would enable the device with additional functions (hardware
and software), as well as accessibility to data.

I see this benefitting a negligent user more than deterring a malicious one.

