When Your Company Kills Your iPhone

HardOCP News

Do you get work e-mail on your personal iPhone? You'll think twice about that after reading this article. :eek:

"It was my account, in my name [and] I'd paid all the bills," Stanton says. "It didn't make any sense to me that somehow work could get through AT&T, who I thought controlled my phone, and could completely disable the phone and the account."
 
stupid. This has been done for years. I bet her company even told her that they can do that, but most users are just like, oh ok. Same thing with most terms and conditions pages, most people, click I AGREE and never think twice of it.
 
standard practice could be standard practice, BUT

it was HER phone. her company had zero to do with her phone, she just happened to read her work email on her phone.

her company had zero rights to turn off/remote kill her phone.

now if it was the company's phone that she used, yes they could do that, but since it was her phone, in her name, and she paid the bills, her company had no rights to do such a thing.

i bet what happened is her company probably went under and to stop any more phone bills they had the provider of their phones a blanket list of all the emails for phones for employees, which contained her email- since she got work email on her email account- and no one checked the list of all email addresses vs the list of all company phones, if they had they would have easily found any discrepancies.

ie they never checked to see if she actually used a work phone or not.
 
stupid. This has been done for years. I bet her company even told her that they can do that, but most users are just like, oh ok. Same thing with most terms and conditions pages, most people, click I AGREE and never think twice of it.

This is a big, huge problem.... a very well known one.

I have even seen a few comedic shows point it out recently how nobody ever reads ANY OF THE DAMN agreement (for many obvious reasons like horribly constructed, and hard to understand law wording, plus being more than 5 pages long)

Nobody is going to read a paragraph or two, let alone 5 pages... when they just want to download a 99 cent mp3 from itunes. Fucking insanely stupid and a way to shaft customers if anything slightly bad happens to their side of the deal.

The Government needs to outlaw these stupid agreements for such low cost items.... and make sure companies can't put little scams into the hidden MIDDLE of these long agreements (e.g: if you don't cancel within 45 seconds, we will charge you $14.99 a month no questions asked! )


I think everyone on this planet, Earth, will agree with me.
 
lenardo, her company did have something to do with her phone since she was accessing company e-mail on her phone. That means that it can have information just as sensitive as the workstation on her cubicle desk.

A company won't allow that type of network access without a remote wipe capability. Now it does suck that they wiped her phone by mistake but that's a different story.
 
this is common practice if you want to use exchange activesync on ANY mobile device. It's there for security reasons. If you want to check it via webmail, that's one thing, but this method pretty much leaves the company's email account WIDE OPEN, thus the ability to wipe. On a Windows Mobile or Android device, it hard resets the device, BUT it still works after the reboot. The iPhone is the big issue here as it's dead in the water until you plug it back into itunes.

I managed this aspect of exchange for 2-3 years and i can say that less than half of the people READ any kind of disclaimer, then act surprised when something happens. We also had a 3 password attempt policy.... you mess it up 3 times, the phone will erase. I've handled many calls explaining why someone's kid was able to wipe a device without knowing a password.

If my employer were to stop using exchange activesync, then there will be 200+ angry people with blanked phones!

In the end, if you want to connect your phone to your company's exchange account, be aware that they OWN your phone until you wish to disjoin it from the exchange server.
 
standard practice could be standard practice, BUT

it was HER phone. her company had zero to do with her phone, she just happened to read her work email on her phone..

Who cares if it's her phone, she's using it for work.

As has been said, she likely was told about this ahead of time and glazed over it. I can't believe this made it to NPR. I've had the situation with dozens of users when I had an internal gig. Paraphrased answer every time is "Go screw, we told you not to put company email on your personal device. Now leave me alone."
 
It's simple, if you're willing to access something that can be sensitive in nature dealing with your work on a personal device.... then you have to accept that the company may want to remove said sensitive info if needed.....

Next time say... "if you want me to access this while on the road .. provide me with a Smartphone"

Axe
 
standard practice could be standard practice, BUT

it was HER phone. her company had zero to do with her phone, she just happened to read her work email on her phone.

her company had zero rights to turn off/remote kill her phone.

now if it was the company's phone that she used, yes they could do that, but since it was her phone, in her name, and she paid the bills, her company had no rights to do such a thing.

i bet what happened is her company probably went under and to stop any more phone bills they had the provider of their phones a blanket list of all the emails for phones for employees, which contained her email- since she got work email on her email account- and no one checked the list of all email addresses vs the list of all company phones, if they had they would have easily found any discrepancies.

ie they never checked to see if she actually used a work phone or not.

Psst, grow up, get a job with a real big-boy company, then speak. You clearly have never worked for a corporation and are clearly speaking from someone with extremely large blinders on.

Each employee at my company has to sign a waiver if they want work emails on their personal device. In it, it clearly states that if the device is not turned over to IT within 24 hours of no longer being an employee, the IT department will remotely wipe the device. This policy is based off of best practices.
 
so how does this remote wiping work? Doesn't appear that it's a remote application that the user needs to put on their phone, but something that's part of the phone. Is there some code the phone can give out to the work place to allow it? Or is this a nasty hacker exploit waiting to happen?
 
standard practice could be standard practice, BUT

it was HER phone. her company had zero to do with her phone, she just happened to read her work email on her phone.

her company had zero rights to turn off/remote kill her phone.

now if it was the company's phone that she used, yes they could do that, but since it was her phone, in her name, and she paid the bills, her company had no rights to do such a thing.

i bet what happened is her company probably went under and to stop any more phone bills they had the provider of their phones a blanket list of all the emails for phones for employees, which contained her email- since she got work email on her email account- and no one checked the list of all email addresses vs the list of all company phones, if they had they would have easily found any discrepancies.

ie they never checked to see if she actually used a work phone or not.


A lot of companies allow personal devices to be connected to their network for business purposes now in the name of being accommodating to users. Mine does for example, and it's made completely clear in writing and verbally if they call the help desk that if they are terminated, or report the phone as stolen the phone will be wiped and that will include your personal information. Very few seem to completely understand that as in my experience people have rarely declined after being told. The vast majority are people whose departments won't buy them a company phone, or they took it away as it couldn't be justified anyways.

It's not just iPhones either, the phone has to support remote wipe before it's even allowed, we didn't allow Android phones until that was possible as an example.
 
I really don't understand how this is news. Not only does this happen every day, it SHOULD happen every day. My company does not "allow" users to access corp email on their personal phones but the smarter ones out there can just write down the setting and do it anyway and we have wiped a few when this was done.
 
This must only be with newer versions of Exchange... ?

Built in starting with Exchange 2007. Addon for 2003. Believe third party apps are out there that can integrate with Exchange and do this as well.
 
Only works by the way for ActiveSync. Connecting with POP or IMAP, once the data is off the server it's not in the company's control anymore.
 
According to the article, the wipe email was sent to her by accident.
I would kill for that kind of accident.
 
I believe remote wipe can be disabled with some tweaking in Android. It will still appear to remote wipe from the admin side but on the user side it does nothing.
 
Same thing where I work. You must agree to this before connecting a personal device to the corporate network. Especially in the case of a lost phone, it makes perfect sense to have this ability.
 
I believe remote wipe can be disabled with some tweaking in Android. It will still appear to remote wipe from the admin side but on the user side it does nothing.

Which is why a lot of companies don't use the native program and require use of Good or Touchdown. If 'tweaks' like that become commonplace companies will just start blocking Android devices outright.
 
I'm pretty sure I actually received a warning on my Droid 2, when I configured the Exchange account, warning me that the phone could be remote wiped by the Exchange server administrator.
 
I believe remote wipe can be disabled with some tweaking in Android. It will still appear to remote wipe from the admin side but on the user side it does nothing.

Yes, it can, but the phone has to be rooted first. Not a huge barrier, but also not something everyone is willing/able to do.
 
I'm pretty sure I actually received a warning on my Droid 2, when I configured the Exchange account, warning me that the phone could be remote wiped by the Exchange server administrator.

You get a warning of some sort that your company is applying security policies, honestly didn't think it was descriptive enough that most users would be able to equate it to a remote wipe. Been awhile though.
 
so how does this remote wiping work? Doesn't appear that it's a remote application that the user needs to put on their phone, but something that's part of the phone. Is there some code the phone can give out to the work place to allow it? Or is this a nasty hacker exploit waiting to happen?

No, it's part of the ActiveSync protocol. Which can be fully or partially supported on both ends with mixed results. But if fully supported on both ends, remote wipe has to be there. How exposed you are to malicious shenanigans really comes down to how secure the server side is.

This must only be with newer versions of Exchange... ?

If by newer, you mean at least as far back as exchange 2003, then yes "newer".
 
After working in IT for awhile, my view on personal/work phone usage changed. I don't mix the two. In the past I wanted as much integration as possible so I had everything at my fingertips. But now, if someone wants me to be able to check my work e-mail when I am away from work and mobile then they can provide me with a company phone, where I can expect it to be remote wiped if lost. Otherwise, I will check my e-mail when I get in.

A lot of people don't set up those work/life boundaries (like my wife) but you have to draw a line somewhere, especially when people e-mail you at home because their screensaver is "different" and they expect you to log in and fix it right then. Been there, done that.
 
I believe remote wipe can be disabled with some tweaking in Android. It will still appear to remote wipe from the admin side but on the user side it does nothing.

I'll have to look into that. We just recently approved Froyo in our company, but if there is a way for them to get around the remote wipe (most of them wouldn't even think about it, let alone have the know-how to do it), we may need to revisit that.

We notify users verbally/written in addition to the employee network access agreement, that if the phone is lost/stolen/etc, we can remote wipe it. I don't care if it is a personal phone. If you are receiving work email on it you are agreeing to abide by the security policies of the corporation.

Cry me a river.
 
I have a rooted personal Evo that I use to access my work e-mail. I'm going to talk with the IT security director and get his take on this. Very interesting.
 
It's simple, if you're willing to access something that can be sensitive in nature dealing with your work on a personal device.... then you have to accept that the company may want to remove said sensitive info if needed.....

Next time say... "if you want me to access this while on the road .. provide me with a Smartphone"

Axe

Ding. This is a pretty standard practice. Exchange has had the feature since 03 with an addon pack and the blackberry enterprise has had it as long as I can remember.

Sucks that it got erased by mistake but I do see how this is an issue. ATT didn't give them access to remote wipe the device, she did.
 
Interesting.

I thought that when a company - via Outlook - remote wiped a phone, only the Outlook content was wiped, not the ENTIRE FUCKING PHONE!

Either way, just in case the first thing I do when wrapping up my employment somewhere is purge the outlook account from my phone, so they can't remote kill it via Outlook at least...
 
Alright, so I just finished reading the article.

So all she had to do was restore it from the latest backup and it worked again?

Big effing deal.

A minor annoyance, yes, but it's not as if they "killed her phone".

IMHO, Outlook's kill command should wipe out anything related to the Outlook account (email, calendar, etc.) but leave everything else intact.

This would be less of a nuisance. It makes no sense to disable the entire device...
 
After working in IT for awhile, my view on personal/work phone usage changed. I don't mix the two. In the past I wanted as much integration as possible so I had everything at my fingertips. But now, if someone wants me to be able to check my work e-mail when I am away from work and mobile then they can provide me with a company phone, where I can expect it to be remote wiped if lost. Otherwise, I will check my e-mail when I get in.

A lot of people don't set up those work/life boundaries (like my wife) but you have to draw a line somewhere, especially when people e-mail you at home because their screensaver is "different" and they expect you to log in and fix it right then. Been there, done that.

I have an iPhone and I am issued a work Blackberry.


The Blackberry is impossible to use. The biggest pile of electronic turd I have seen in my life. It's amazing RIM is in business at all.

I leave my blackberry in my desk drawer at work and never use it. I've had the number forwarded to my iPhone, and I get outlook access on my phone. I refuse to carry two devices with me. Simply won't happen, even if they were to give me a second iPhone or an Android.

The fact that the Blackberry is the worst phone I have ever had the misfortune to have to use makes this decision SO much easier.
 
Lawsuit waiting to happen, even if an employee were to sign a waiver.

Ever heard of prenups being thrown out due to any form of duress or pressure to sign?
same case can be brought and indeed be won.

I hope this lady in the article sues for wrongful termination of her personal phone.
 
Zarathustra[H] said:
Alright, so I just finished reading the article.

So all she had to do was restore it from the latest backup and it worked again?

Big effing deal.

A minor annoyance, yes, but it's not as if they "killed her phone".

IMHO, Outlook's kill command should wipe out anything related to the Outlook account (email, calendar, etc.) but leave everything else intact.

This would be less of a nuisance. It makes no sense to disable the entire device...

Yeah, but if you were to be terminated for wrongdoing couldn't you just copy your Outlook data off the outlook section onto SD card or something and it'd be safe?
 
Psst, grow up, get a job with a real big-boy company, then speak. You clearly have never worked for a corporation and are clearly speaking from someone with extremely large blinders on.

Each employee at my company has to sign a waiver if they want work emails on their personal device. In it, it clearly states that if the device is not turned over to IT within 24 hours of no longer being an employee, the IT department will remotely wipe the device. This policy is based off of best practices.


What he said. Work email contains confidential information. When you leave a company, you turn over your computer, ID, keys, phone, etc. Why wouldn't you expect to have to surrender confidential email and contacts?

Now, that being said, the article states it was "done by mistake". THIS is inexcusable. The guy that did it should be reprimanded.
 
Yeah, but if you were to be terminated for wrongdoing couldn't you just copy your Outlook data off the outlook section onto SD card or something and it'd be safe?

or you could just back up your PST file to a thumbdrive, or email it to your personal email as an attachment
 
Why would you want to receive company's junk on your own phone is beyond me. Have them pay for it (the phone) if they want you to receive emails after hours for one reason or another.
 
Did anyone even read the article? It was an accident. Someone in IT sent her iPhone the wipe command unintentionally. For all we know they never intended on wiping the phone even if they had a good reason to.

The article really is about publicizing that the feature exists and is doable, on purpose or not.
 