To Wipe or not to Wipe - Remotely

For some, remote wipe is the ultimate solution for mobile security. A device is lost, remote wipe triggered, problem solved! Or is it?

On paper, remote wipe is pretty cool. While the device's PIN or other security measures might not hold up forever, remote wipe makes sure they don't even have to. The moment the device is wiped, there is no need to worry about the data anymore.
Technically, remote wipe is a command that is pushed to, or pulled by, the device from some kind of mobile device management. The critical aspect: the device has to be online for the command to get through.

A Sincerely Lost Device

No matter whether the device goes down the gutter, down a mountain side or ends up in a lost and found, while it is at risk, it is still ok. With remote wipe, there won't be anything critical left on the device. Without remote wipe, we're still lacking the attacker who would try to extract the data. So, while reducing risk on paper, in practice it …doesn't… really.
Adding the attacker, we reach the next chapter.

Theft

Most thefts are either about money or money. In the first scenario, the thief, or rather our attacker, wants quick money: stealing the phone from a random person to sell it. He doesn't care about the data on the device and will probably rip out the SIM card right away to make sure he won't be tracked. Or maybe just switch off the phone? What happens within the first minutes after losing the device already prevents the remote wipe command from working. Luckily, the risk for the data is yet again pretty small, as the attacker will probably also try to wipe the phone as quickly as possible.

The second attacker in the theft section is a role I like playing myself: extracting a device to access the data stored on it. The good thing is, I know remote wipe exists, just as tracking does. I also know that a phone will probably be harder to open after a restart, so I bring two things. The first is a power bank with a matching cable to keep the device running. The second is a simple shield bag that takes it completely offline. This way I can comfortably take it to my lab, utilize the 0-day I don't have and extract the data. And all of this in a shield box, keeping the device offline and only allowing it to connect to my own network.
Yet again, there's only a tiny chance for the command to reach the device.

SIM-Cards

It gets even worse if the playbook also includes deactivating the SIM card, which takes the device offline instantaneously.

So Remote Wipe is Useless?

No, of course not! You can always be lucky enough for remote wipe to come through in time and save the day. BUT…don't rely on it. This especially applies when introducing it as a golden Hail Mary during a risk analysis and using it to mitigate …everything…