You know that sinking feeling in your stomach when you realize you don’t know where your smartphone is? Thankfully, every time I have experienced that I have been able to resolve it by simply calling it and following the rings to find out what couch cushion it fell behind. But, what happens when you really lose your smartphone--like leaving it in a taxi, or at a restaurant?
Symantec conducted an experiment to find out. It intentionally “lost” 50 smartphones in public locations across major cities including New York City, Washington DC, San Francisco, Los Angeles, and Ottawa, Canada. The results of the experiment are not encouraging.
For starters, you would hope that if somebody found your smartphone they would make some effort to return it to you. Symantec found that there is only a 50/50 chance of that happening: “Only half of the people who found one of the phones made any attempt to return it.”
Of course, if somebody finds a smartphone and wants to find its rightful owner and return it, the logical thing to do is dive in and search for relevant personal information that can be used to determine who the owner is and how to contact him or her. And, if somebody finds a smartphone and is not planning on returning it, they will also most likely dig into your personal information…just because.
According to the findings in The Symantec Smartphone Honeystick Project results, “Chief among the findings is that there is a very high likelihood attempts to access both sensitive personal- and business-related information will be made if a lost and unprotected smartphone is found by a stranger.”
For the purposes of this experiment, that “very high likelihood” translates to a virtual certainty. Whether the finder made an attempt to return the smartphone or not, personal information was accessed in 96 percent of the cases. Symantec reports that six out of ten finders attempted to view personal email and social media information, and eight out of ten accessed data clearly marked as “HR Salaries”, “HR Cases”, and other corporate information.
Your own personal data is not the only thing at stake either. Your smartphone contains the names, phone numbers, home addresses, and email addresses of everybody you know. It has access to your email, Facebook, Twitter, and other social networks. Think about how many apps you have for banks, credit cards, or retail businesses like Starbucks--and how many of those don’t have security set up, or have the password stored so you can access them more conveniently.
Symantec points out that there are two things both business users and consumers should have in place to guard against this kind of invasion of privacy. First, the smartphone should have a password or passcode. It should lock automatically after some period of dormancy, and it should require the password or passcode to access the device.
The second thing is that the device should have some remote data wipe capability. Apple offers the Find My iPhone service within iCloud that can be used to remotely lock, or remotely wipe a lost iPhone or iPad. You can also configure an iPhone or iPad to automatically wipe after ten failed passcode attempts to prevent someone from just trying to guess their way into accessing your data. Android and other platforms offer similar services in most cases.
If you lose your smartphone, don’t plan on getting it back. And, if you’re lucky enough to get it back, assume your data has been compromised unless you have taken the precautions described here to prevent unauthorized access and protect your smartphone.