Some of you may remember that I lost my smartphone. Nothing’s more upsetting than the thought of someone out there having my device and its data in their mitts. Luckily, I was able to remote wipe it… once I discovered it was lost. But it was at least half an hour before I realized it was missing.
Thirty whole frickin’ minutes. Might as well be a lifetime. These days, it doesn’t take long for some unscrupulous folks to dig up all sorts of data — from contact info to logins and other account information. And while common sense might tell you this is a big deal, there might be some part of your brain wondering if this isn’t just a wee bit paranoid. Criminals and muggers taking your phone is one thing. But if you lose it, are average everyday people really that big of a threat?
In a word, yes, says Security Perspectives Inc. The firm wanted to know what really happens to lost smartphones, so it joined forces with tech security company Symantec for a little experiment. The Symantec Smartphone Honey Stick Project took 50 smartphones, pre-loaded them with fake data and remote monitoring features, and intentionally lost them in high-traffic public places. The devices were left out in elevators, malls, food courts and transit stops, across five different metropolitan areas — New York City, Washington D.C., Los Angeles, San Francisco and Ottawa, Canada. Then the researchers waited to see what would unfold next.
Here’s what they discovered:
- 96% of the lost devices were accessed by their finders
- Only half of those who found a phone tried to return it (and they still tried to access the data on it)
- 60% attempted to access social media accounts and email
- 80% tried to view corporate info, including files very clearly marked as “HR Salaries,” “HR Cases”, and others
- The devices were rigged with a fake app that pretended to access a remote network, and half of the phone finders tried to launch it
- Nearly half of the finders attempted to access the device owner’s bank account
I suppose it’s not too shocking, and yet it’s sobering to see it in black and white. In cases where there aren’t even any bad intentions, human curiosity seems to win out. Nosiness can be a strong temptation, leading the way for other temptations settle in once they have other people’s private info in their hands.
When it comes to protecting yourself from this risk, a little common sense can go a long way. Here’s what the experts recommend:
- Never leave smartphones unattended
- Use a case, sticker or something else that’s outwardly identifiable
- Password protect your device (or alternatively use a “draw to unlock” feature) to deter casual curiosity seekers
- Load geo-locating software, so you can find the device
- Set up smartphone-oriented security software with a remote lock and/or wipe feature
Ever had your data compromised after losing a phone? Tell us your story in the comments below.