Paging James Bond: Researchers Develop System That Wipes Data Based On Location

Start your day with TPM.
Sign up for the Morning Memo newsletter

A group of mobile computing researchers at Virginia Tech have come up with a way to completely wipe sensitive information from Android devices based on the person’s location. The researchers say that their system could be used under a variety of scenarios — from preventing hospital personel from misusing patients’ sensitive personal information to people in the military who should not be carrying sensitive strategic information around with them.

The researchers have created a customized version of Android controlled by a “policy engine” on a server. The Android devices use Bluetooth and near-field communications infrastructure to determine the location of the user, and what level of access they have to what kind of information, as well as the level of functionality of their device.

“We’ve created an enterprise policy engine built for Android, and this is all based on a custom version of Android that allows us on a really fine-grain level to control the services and the apps on the phone so that we can control these things on a really, really fine-grain level,” said Jules White, an assistant professor in the Department of Electrical and Computer Engineering at Virginia Tech.

“A simple example would be, someone opens an app, opens some secure information, copies some information, and e-mails it to someone. We can defend against those kinds of things and prevent it from happening,” he explained to TPM’s Idea Lab.

The project is the result of just two months of work by a team of 10 researchers led by himself. The central idea was to secure access to information based on a mobile device user’s location.

Organizations using the system would have to equip their staff with the customized Android phones. Users don’t have to install special apps, but they would have to come to grips with the fact that someone else would be remotely controlling the functionality on their phone.

And, White said, they could be using an app in a location that’s determined to be secure by the organization, but when they walk out of proximity of the secure location, the organization controlling the device could make it as if the sensitive data on it “had never existed.”

Latest Idealab
1
Show Comments
Masthead Masthead
Founder & Editor-in-Chief:
Executive Editor:
Managing Editor:
Deputy Editor:
Editor at Large:
General Counsel:
Publisher:
Head of Product:
Director of Technology:
Associate Publisher:
Front End Developer:
Senior Designer: