The Wipe Command That Should Worry Every Bank in America

The Wipe Command That Should Worry Every Bank in America

A few days ago, I was reading about what happened at Stryker.

At first, I assumed it was the usual story. Ransomware, phishing, something involving an attachment someone shouldn’t have opened. You skim the headline, you think you understand it, and you move on.

But the more I read, the less it sounded like that.

There wasn’t any malware. No encryption. No demand for payment.

From what’s been reported, someone got access to an admin credential, logged into Microsoft Intune, and issued a remote wipe.

And then devices started going blank.

Laptops. Workstations. People’s phones. Not just corporate devices. Personal phones on BYOD plans. All getting factory reset. Across 79 countries. In a matter of hours.

Nothing crashed. Nothing broke. The system worked exactly the way it was designed to.

Just not for the right person.

The Problem Hiding in Plain Sight

I’m not a career security practitioner, but I’ve been around this long enough to know when something doesn’t add up.

One of the things that’s always felt off to me is how we talk about mobile device management. We file it under “security.” But if you look at what it actually does, it’s operations. You can see what devices exist. You can push updates. You can enforce policies. You can wipe a lost phone. Useful things. But not, on their own, a security architecture.

Somewhere along the way we added enough layers that it started to feel like one. And most days it works fine. But the core idea never changed. There’s still a console somewhere that can send commands to every device in the company. And if that console includes a “wipe” command that works at scale, that’s an enormous amount of destructive power sitting behind one login.

This Wasn't the First Time

Stryker wasn’t the first time. It was just the biggest. An MDM server used to push banking malware to a multinational in 2020. A mobile management platform exploited to breach 12 Norwegian government ministries in 2023. Thirteen thousand student devices wiped through a breached MDM in Singapore in 2024. The European Commission’s own MDM backend breached six weeks before Stryker.

Each time a little bigger. Each time a little more destructive.

So what happened after? CISA put out an advisory. Microsoft published a hardening guide. Every MDM vendor quietly acknowledged the exposure exists on their platforms too. Jamf. Workspace ONE. Kandji. Same architecture, same risk.

The recommendations are sensible. Least privilege. Multi-admin approval. Phishing-resistant MFA. All good hygiene.

But the whole response boils down to one idea: put more locks on the kill switch.

Nobody is asking whether the kill switch needs to be there.

The BYOD Angle Nobody Talks About

What made this one harder to look away from is the BYOD angle. When your company asks you to install a management profile on your personal phone so you can get work email, most people just tap accept and move on. Nobody sits you down and explains that if something goes wrong on the company’s end, or even if you just leave, your entire phone could get wiped. Most people don’t find that out until it happens.

At Stryker, people found out in the worst possible way. Personal phones completely wiped. Photos, banking apps, authenticator tokens, eSIMs. One person reportedly lost access to their 2FA, which doesn’t show up in a risk register but becomes very real very quickly.

Somebody needs to write a BYOD bill of rights. But not today.

We've Solved This Before

We solved a version of this problem before. When companies got tired of worrying about sensitive data living on laptops, VDI moved the desktop into the data center. The laptop became a screen. You could lose it, break it, have it stolen. Didn’t matter. Nothing was on it.

It’s worth asking why we haven’t applied the same thinking to phones.

Because in this case, nothing was stolen. Nothing was encrypted. Everything was just removed. All at once. From a browser.

What Happens When Banks Are Next?

Iran has publicly said banks and economic centers tied to the United States are next. Every major financial institution runs the same MDM architecture Stryker was running.

And I think it’s worth at least asking whether that’s a risk we’re comfortable carrying. Or just one we’ve gotten used to.

Hear From Our CEO: What Really Happened at Stryker?

Hypori CEO Jared Shepard breaks down the architectural flaw at the heart of traditional MDM—and why virtual smartphones eliminate the wipe command risk entirely.