Protecting devices against third-party access
Mobile devices should always be protected against third-party access as soon as work-related data, emails or passwords are stored on them. This applies whether the aim is to prevent willful access or to keep someone living in the same house from mistakenly deleting important emails or viewing confidential information.
Screen lock
Protective function of the screen lock
Mobile devices should never be left unattended in public, or even at work. The device should be configured with a screen lock in case it is lost or falls into the wrong hands.
PIN and screen lock
There is a difference between the screen lock and the SIM card PIN. The PIN is issued to you when you purchase or are provided with a smartphone. It protects the SIM card from unauthorized use. Without the PIN, you cannot make telephone calls or access the Internet from the mobile device. The screen lock protects the entire device!
Types of screen locks
Screen lock options depend on what the device offers. Apart from a pattern, mobile devices can be unlocked with a password, PIN, fingerprint or face recognition. From an IT security standpoint, these options rate differently:
- Under certain circumstances, the face recognition feature can be circumvented by using a photo.
- Even children can trick the fingerprint sensor. The Chaos Computer Club has shown that this can work even without using the finger of a sleeping father.
- Because swipe traces remain on the display of the phone, screen lock patterns can be identified.
- PINs that are too short can be guessed.
Screen lock disadvantages
A secure, and therefore long, password is extremely annoying given how often you use the device every day. On the other hand, you should not make it too easy for someone to access your device. This calls for finding a middle ground between security and convenience.
A work phone or a private device with work information stored on it should always have the screen lock activated!
Setting up the screen lock
You will find instructions here for setting up the screen lock for various smartphones.
The various smartphone operating systems offer different ways to determine when the screen lock is activated.
The key is to make sure the screen lock is activated whenever the display shuts off, as well as when the device has been inactive for some period of time. Instructions for configuring the individual devices can also be found in the instructions for setting up the screen lock.
Some devices allow you to leave notes on the screen lock display for honest people who find your phone. Corresponding instructions are also available in the guide for setting up the screen lock.
Precautionary measure in case of loss: Remote wipe
Smartphones and tablets can be set up with so-called remote wipe. If the device is lost, the factory settings can be restored so that the data and accounts are deleted.
Several providers offer this type of service. Many of them are manufacturers of security apps for smartphones, such as Sophos Security.
TUM Exchange also offers this service if you have an account set up on your device. You can find additional information under Exchange Anti-theft Security.
Information on other options is available under Instructions > Remote Wipe.
Device encryption
What is device encryption?
Device encryption is an additional way to protect data against third-party access. Device encryption involves converting readable data into unreadable character strings that can only be converted back into their original form with a secret key.
What kind of concrete protection can I expect?
- Activating device encryption protects your device when it is turned off.
- With some operating systems, device encryption protects the data even when the device is powered on.
- iOS version 4.0 and higher includes Data Protection, which is activated as soon as the screen lock is set up. It also protects the application data of individual apps while the device is powered on, provided the PIN is more than an easily hacked 4-digit code.
- The screen lock with a secure password/PIN is also important for Android devices, since the data can be accessed immediately once the device is active.
- Encrypting SD cards:
  - SD card encryption is not a standard feature in the Android operating system. Several smartphone providers have added this feature so that the SD card can be encrypted in a second step.
  - This is a non-issue with iPhones, since they can't be expanded with SD card memory anyway.
  - Windows Phone 10 is unfortunately not capable of encrypting SD cards through the operating system.
Does device encryption interfere with the use of the device?
Device encryption does not interfere with the use of the device. It only secures the data.
- With iOS, encryption runs without you noticing it. Decryption occurs when you enter the password/PIN for the screen lock.
- With Android devices, however, you must enter the PIN/password each time the device starts.
How can I encrypt my device?
Encrypting hard drives on Windows laptops with BitLocker
Hard drive encryption also makes it easy to protect laptops against data theft:
- With Windows business notebooks that have a TPM, we highly recommend using BitLocker. It can be activated with just a few Control Panel clicks, after which the feature runs silently in the background.
- You can also set up emergency key storage for BitLocker via the TUM Active Directory, which lets you access the data on a defective laptop.
Further information and manuals for BitLocker
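The BitLocker recommendations above (TPM-backed encryption plus an emergency key stored in Active Directory) can be checked from an elevated PowerShell prompt. The following is an added example, not part of the original page or TUM's own tooling; it assumes a domain-joined laptop whose group policy permits storing recovery information in AD DS, and the function names Get-BitLockerAudit and Backup-RecoveryPasswordToAD are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker on the OS volume and escrow the recovery
# password to Active Directory. Assumes a domain-joined Windows laptop.

function Get-BitLockerAudit {
    param([string]$MountPoint = $env:SystemDrive)

    $tpm   = Get-Tpm
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        TpmReady            = $tpm.TpmPresent -and $tpm.TpmReady
        VolumeStatus        = $vol.VolumeStatus            # e.g. FullyEncrypted
        ProtectionOn        = $vol.ProtectionStatus -eq 'On'
        HasTpmProtector     = [bool]($types -like 'Tpm*')  # Tpm, TpmPin, ...
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
    }
}

function Backup-RecoveryPasswordToAD {
    param([string]$MountPoint = $env:SystemDrive)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $rp  = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $rp) {
        # No recovery password yet: create one so there is something to escrow.
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
        $rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
              Where-Object KeyProtectorType -eq 'RecoveryPassword'
    }
    foreach ($p in $rp) {
        # Writes the recovery information to the computer object in AD DS.
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
    }
}

$audit = Get-BitLockerAudit
$audit | Format-List
if ($audit.ProtectionOn -and $audit.HasTpmProtector) {
    Backup-RecoveryPasswordToAD
} else {
    Write-Warning "BitLocker is not protecting $($audit.MountPoint) with the TPM; enable it before escrowing a key."
}
```

A volume that reports ProtectionOn as false, or that has no recovery password stored in the directory, leaves the data either unprotected or unrecoverable if the laptop becomes defective.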