When Your Company Remote-Wipes Your Personal Phone 446
Xenographic writes "NPR has a story about someone whose personal iPhone got remotely wiped by their employer. It was actually a mistake, but it was something of a surprise because they didn't believe they had given their employer any kind of access to do that. This may already be very familiar to Microsoft Exchange admins, but the problem was her iPhone's integration with MS Exchange automatically gives the server admin access to do remote wipes. All you have to do is configure the phone to receive email from an MS Exchange server and the server admin can wipe your phone at will. The phone wasn't bricked, even though absolutely all of its data was wiped, because the data could be restored from backup, assuming that someone had remembered to make one. But this also works on other devices like iPads, Blackberry phones, and other smartphones that integrate with MS Exchange. So if you read your work email on your personal phone or tablet, you might want to make sure that you keep backups, just in case."
Nonsense (Score:4, Interesting)
Wiping someones personal data is a felony. I think it likely that the employer prosecute if the tables were turned. Hacking tools are illegal in some jusridictions, I think anything providing this level of unauthorised access would be illegal under German law. Guess they don't use exchange there?
Re:Hmmmmmm (Score:0, Interesting)
The solution is a simple one. If a company requires you to use a phone for business purposes that will be sending/receiving business e-mails and subject to remote wiping by that company, then that company needs to issue phones to their employees that may not be used for non-business purposes. Then there wouldn't be any problems with a company wiping a phone that is actually company property.
That was probably their policy and they gave everyone a free Black Berry. Then a few Apple "Fanatics" started whining they wanted to user their UBER sweet iPhones and the company is being racist against their phones if they don't let them use it.
The company gives in after all the whining but the policy regarding a phone being used with their exchange server never changes. And so the policy stands that they can wipe any phone that was had connected to their server.
Keep (Score:1, Interesting)
Keep personal items and work items separate. CRAZY I KNOW.
Our university is even worse... (Score:4, Interesting)
Re:we have the same policy at work (Score:4, Interesting)
My $.02 on policy:
Employees should backup their own data. If they are uncomfortable with the possibility of Employer wiping their personal phone, then they should not connect their personal phone to work email.
If an Employer *wants* its Employees to be reading their email from cell phones and the Employee doesn't feel like using their own personal property to do so, then the Employer needs to buy the Employee a work owned device or "STFU". If the Employee doesn't want to carry around two devices then they either need to submit to their phone being wiped or "STFU" and carry around both devices.
Re:we have the same policy at work (Score:3, Interesting)
We have the same policy and will only allow smart phones to connect to exchange when they have the remote wipe capability. It's to protect the company's interests should a phone be lost or stolen.
Do you have the same policy for PCs?
Re:we have the same policy at work (Score:3, Interesting)
Then don't connect your personal phone to the company network.
This.
Furthermore, there is no way in hell I am going to spend my own money on a phone for work purposes. If they want me to pretend to have email access anywhere, they can very well buy me a phone that I can leave locked up in my desk at work, then pretend the network wasn't available when they tried to get in touch with me.
Wait, what were we talking about again?
What about laptops? (Score:3, Interesting)
What's so special about a phone that they get extra special wipe privileges? Can an Exchange admin remote-wipe my laptop if I have it hooked up to my corporate account?
No.
Why my phone then?