Controls blocking the flow of data are an important tool of defence measures. Usually you need to enforce your organisation’s set of permissions. There are even fancy gadgets available to help you cope with data loss in terms of unauthorised access. This only works in controlled environments. Fortunately the modern IT policy allows intruders to bring their own tools in order to circumvent security controls. Bring Your Own Device (BYOD) is all the fashion these days, and it really helps evading defence mechanisms.
At DeepSec 2013 Georgia Weidman of Bulb Security LLC talked about what you can do with mobile devices and what you have to address when protecting your data.
„…Companies are putting a lot of faith in these security mechanisms to stop the threats to mobile devices. In this talk we put those big claims to the test and look at ways to bypass security restrictions on mobile devices. … Why not just send your shell back to an exploited mobile device in the environment and have it pass the shell out via SMS? Code examples of all the techniques used will be demoed live and released as additions to the author’s Smartphone Pentest Framework.“