According to tablet blog Padgadget, a group of German hackers discovered a technique to extract user passwords from iPads, iPhones or iPod Touch devices a few months back. This would include not just the device password, but any passwords stored in the iOS keychain.
While this story has (rightfully) gained a great deal of attention, careful readers will note that the hackers’ discovery does not really uncover a new or unknown threat. After all, in order to conduct the hack, intruders must first gain physical possession of the iOS device. It is well understood that once your device leaves your possession, whether it is a laptop, desktop or iOS device, it is no longer secure.
The difference between a desktop computer stolen from an office cubicle and an iPhone stolen from your table at a coffee shop is that the iPhone is likely to remain connected to the Internet for at least a while. The exposure of this vulnerability serves mainly to highlight the importance of solid Mobile Device Management.
Quick reporting of device loss will enable IT administrators to completely wipe iOS devices using Absolute Manage MDM, leaving nothing for hackers to steal. Beyond that, Absolute Manage MDM’s geotracking capability makes it possible to assess whether the device has been lost or stolen; for example, if the device is still in the coffee shop where it was last in the possession of its assigned user, it was probably just misplaced, and a remote lock and message sent to the device will get it back. If it is moving rapidly, it is more likely stolen, and should be wiped immediately.
Each organization needs to determine the data wipe policy best suited to protecting the devices it manages, based on the sensitivity of the data stored on the devices.
None of that, of course, makes devices or data 100% secure, but with the rapid proliferation of mobile devices in the enterprise, MDM is an absolutely necessary layer of protection.