03 July 2008

Remote wipe

On a weekly basis, users are suggesting a remote wipe functionality for Undercover. In short, this means that we can remotely wipe all files on a Mac if it has been reported stolen. At first, this sounds like a great feature, as laptops are increasingly used as a desktop replacement, often containing sensitive data.

We have thought a lot about remote wipe and there is one major problem with it: the wipe is postponed until the stolen Mac is connected to the internet. There is no way to tell a Mac to delete all its files if you can't talk to it. This means that a thief has access to all data on the Mac until he goes online with the stolen Mac. On average, it takes about ten (10!) days for a stolen Mac to be connected to the internet for the first time, giving thieves plenty of time to view all files and copy them if they are after specific sensitive files. If the information is really confidential, this is totally unacceptable.

Remote wipe is only useful when executed immediately after the theft. This would require a permanent network connection, such as with a cell phone, which is almost continuously connected to its carrier's network. In such a scenario, remote wipe does make sense. However, if the connection isn't permanent as it is on a Mac, remote wipe is just a marketing trick that does not offer any real value. If your Mac contains sensitive data, we highly recommend other security measures, such as encryption (e.g. using FileVault).

7 comments:

Anonymous said...

I completely agree. It's better to create a password-protected account or whatever... By the way, when the following version of Undercover is coming?

tabaks said...

Any news on the iPhone field. your hints were much louder than the silence ever since.

Hendrik said...

slobodan: Background processes are not supported on the iPhone. So the thief would have to manually start the Undercover application.

tabaks said...

P.S. You don't have to post my previous message if you find it interesting and want to develop further without revealing its idea... 8^)))))

tabaks said...

P.P.P.S. And, the app could be a game...a thief would lie to try out... 8^))))

Anonymous said...

The only downside is that FileVault and Time Machine don't get along, and when it comes right down to it, most users prefer simple and painless backups to full security.

Hopefully, TrueCrypt will port whole-disk encryption to Mac OS X… they're already half there. Then we can have our security cake, and backup it up, too.

Anonymous said...

Sadly, I agree. Unfortunately, I don't trust FileVault. A friend (senior sysadmin at Earthlink) tested it and quickly disabled it due to reliability problems. My main concern with the stolen laptop is having bad data get synced or backed up. Sure I can unregister the computer, but knowing that the data will disappear the first time the computer's connected to the Internet is at least a little more comforting. A determined thief may be able to get my data, but the more clueless one will at least have less of a chance to stumble across it. Not sure that justifies adding the feature (I'm a big believer in "keep it simple" and "faux security is no security"), but I thought I'd at least add that perspective.