How-to: In case of theft, enable 'self-destruct' mode

So you just bought a brand new WinMo phone. Does the idea of some thief getting their grubby little hands on your new baby and all its private information (text messages, contacts, credit card numbers, private emails) make you absolutely sick?

This walk-through will help you protect yourself against information theft by showing you how to turn your Windows Mobile device into a self-destructing data safe.

[ad]

To err is human, but to really mess stuff up… requires the root password.

Did you know that it’s possible to wipe the data off a lost or stolen Windows Mobile phone? All it requires is some configuration before anything bad happens to your device.

As an admin using Microsoft Exchange, you have tools with which to set and enforce your mobile device security policies. And, by using provisioning tools, you can also control some other features.

Numerous failed log in attempts may signal that a wireless device has been lost/stolen. This could be a huge security risk. You can trigger a remote wipe of a mobile device via the Microsoft Exchange Server 2007 and Outlook Web Access (OWA) 2007, but that presumes the wireless device will contact the Exchange server at some point.

Mobile devices, thankfully, have a more reliable way of wiping your data when certain prerequisite conditions are met — such as a certain number of failed PIN entries or incorrect password attempts. This is called a local wipe and WinMo devices have the ability to do this already, though it is not enabled by default — can you imagine forgetting your password and trying to log in 3 times and wiping your device clean by accident? Eeep! Digital suicide! But if you want this additional level of security for your device, it’s entirely possible and easy to do.

Ask The Admin has a very easy to follow method:

• First, the Password Required Policy (security policy ID 4131), a Windows Mobile security policy setting, must be enabled for the device in question.
• Next, a registry entry has to be set on the mobile device to enable this feature. In HKLM\Comm\Security\Policy\LASSD, create the decimal key DeviceWipeThreshold and set it to any positive number. This number will be the number of incorrect password logon attempts to allow before the device’s memory is wiped. This setting is also available in the Device Security Settings dialog box in the Exchange Management Console.

NOTE: In Windows Mobile 4, this function did not erase any external memory on the device, such as an SD card or other plug-in memory device. However, Windows Mobile 6 devices will erase external memory cards as well.