03 July 2008

Remote wipe

On a weekly basis, users are suggesting a remote wipe functionality for Undercover. In short, this means that we can remotely wipe all files on a Mac if it has been reported stolen. At first, this sounds like a great feature, as laptops are increasingly used as a desktop replacement, often containing sensitive data.

We have thought a lot about remote wipe and there is one major problem with it: the wipe is postponed until the stolen Mac is connected to the internet. There is no way to tell a Mac to delete all its files if you can't talk to it. This means that a thief has access to all data on the Mac until he goes online with the stolen Mac. On average, it takes about ten (10!) days for a stolen Mac to be connected to the internet for the first time, giving thieves plenty of time to view all files and copy them if they are after specific sensitive files. If the information is really confidential, this is totally unacceptable.

Remote wipe is only useful when executed immediately after the theft. This would require a permanent network connection, such as with a cell phone, which is almost continuously connected to its carrier's network. In such a scenario, remote wipe does make sense. However, if the connection isn't permanent as it is on a Mac, remote wipe is just a marketing trick that does not offer any real value. If your Mac contains sensitive data, we highly recommend other security measures, such as encryption (e.g. using FileVault).