According to a study, more than 40% of people who accidentally find lost smartphones access personal data, corporate emails and online banking information.
Symantec Study “Lost” 50 Android Smartphones
In a study aimed to find out what really happens to lost smartphones, a security company and software provider Symantec purposefully lost 50 expensive smartphones in large American cities, such as San Francisco, Los Angeles, New York and Washington. All the lost smartphones have been pre-loaded with an identical set of personalization apps, invented personal data and files, financial information and no passcode protection or a custom swipe unlock pattern whatsoever.
95% of Finders Accessed Highly Sensitive Information
Symantec reports that in 95% of cases finders, mind you – not thieves, of these intentionally lost smartphones accesses information and files that appeared to be highly personal and sensitive, as well as emails and online banking.
While none of the finders was a thief and robber, all of them possessed a common human trait – curiosity. In other words, snooping is human.
About 50% of the finders attempted at reaching the owner and return the found device – each lost phone had the owner listed in contacts and e-mail. Nevertheless, almost all of the people in this category accessed other data that was absolutely irrelevant for returning the phone to the rightful owner.
Symantec did not aim to study people’s motivation and psychological underlying behind their behavior. Instead, the survey’s purpose was to determine what kind of information they would access and what they would do with it afterwards.
Here is the breakdown of what other information the finders tried to access:
72% looked through personal photos;
60% accessed social media accounts of the owners;
40% accessed corporate e-mails and credit card information, as well as online banking websites;
57% accessed text files with passwords for apps installed on the smartphone;
53% accessed a fake list of salaries of the company employees.
Project Honey Stick
What a poetic name for the project that lures unsuspecting people into a trap of placing attractive data right in front of their noses. Again, Symantec representative Haley says the aim was not to study human motivation to judge them, but to record the exact numbers of what type of personal information about the owner gets exposed in case his or her smartphone gets lost.
The lost smartphones had fake identity information, and all apps stored user information, so all the finders had to do was to tap “login” to access the accounts and data. Two thirds of people who found lost smartphones tried to access that data. What is more interesting is when they get an error notification, they would try to browse and find the passwords file. Once they found it, they tried to access the accounts again.
Symantec Made Its Point
The company sells mobile security suites to businesses and individual consumers under the Norton brand, and the study demonstrated perfectly clear just how important a security tool is to smartphones. Nowadays, security suites are so much more than just antivirus programs; they comprise a large set of tools that can help users lock a lost smartphone remotely, or wipe all the data altogether and even track its location.
The company intentionally did not install these security apps on lost smartphones; neither did they use this software to track people’s snooping activities on found smartphones.
How to protect your smartphone?
Not all of us are ready to invest in a smartphone security app, even though we are willing to spend on Candy Crush Saga in-app purchases. First of all, not all security apps are paid; there are many functional and free apps, as well as basic prevention steps dictated by common sense. Following these simple self-protection guidelines is like personal hygiene for smartphones. For the most recent report on the best antivirus apps for smartphones, refer to this overview.
Step 1. Passcode
Set a pass code or a custom swipe-to-open pattern to lock your device, and most importantly, keep it on. The most common mistake most people do is disabling this protection when they are at home or office because they feel safe on this territory, and they think nothing can go wrong. However, once you disable the pass code or swipe pattern, you may forget to turn it back on once you leave your house.
People usually lose their smartphones in public places – cafes, bars, parks, streets and shops. So, to avoid committing that blunder, just keep that feature on at all times.
Step 2. Passwords
This is one of the dumbest mistakes one can commit, face it. You accidentally lose your smartphone and somebody who finds it gets all the passwords for all the apps installed on it – all your social media accounts and online banking.
It might be a good idea not to store your apps passwords in a text file located on your smartphone or in your cloud storage accessible from your smartphone. Also, do not store passwords and logins in your mobile apps, and don’t use the same passwords for several accounts.
Never use “password,” “qwerty123” or “123456789” as your password. The same goes about the information about you that can be easily found in your social profiles, such as birth date, home town or the name of your pet. It is amazing how lazy people get when it comes to inventing passwords.
The best option is to generate passwords with secure passwords generator. Yes, they come out impossible to memorize, but if you keep them in a file outside your smartphone or paper notebook, chances are your personal data does not get compromised if you lose your device. It may add extra 30 seconds to every login process, but you just have to decide for yourself what is more important to you – convenience at the expense of security, or security at the expense of fast logins.
Try password management apps, such as KeePass or 1Password, instead. However, these service can get hacked, too.
Step 3. Encryption
We covered a large article on encrypting Android devices. You might want to encrypt your entire device, although this process is irreversible. Likewise, you may use third-party apps that will encrypt only files and folders of your choice, for example, passwords text file and personal photos. There are apps that create hidden vaults and fake vaults, which cannot be accessed without a password. For example, this app deletes the contents of your vault if the PIN or password is entered incorrectly six times in a row. For more information about hidden vaults, refer to this article on Parental Control apps.
Step 4. Remote Control
It might be a good idea to install Android Device Manager, or any other app that can track and lock your device remotely, if it gets lost or stolen. If you have been using Dropbox, it may help you locate your device or even identify the person who has it.
You Lost Your Smartphone – What Now?
It is set in stone – you lost your device, what do you do now? Find access to Internet and:
– Report to the Police. Some may feel reluctant to go this far, but if you had your personal and banking information on your device, there is a chance someone may use your identity to commit fraud;
– change passwords of your e-mails, Facebook and Twitter accounts, online banking and the other services you have been using on the smartphone;
– call your credit card issuer and notify them your credit cards need to be cancelled due to loss of the device that had their details stored.
Whoever finds your smartphone may easily access your accounts, change passwords and hijack them, in case you have not been following the security guidelines listed above.
– The next thing you can do is notify your carrier that your device has been lost or stolen. That way, the carrier can shut down the service until you resolve the issue by either finding your phone, or getting another one. This needs to be done urgently, so that whoever finds your smartphone does not spend a fortune making international phone calls to friends abroad, or paying for adult conversations at your expense.
– If you tried calling your number and nobody answers, or it appears out of range or disconnected, do not hesitate to contact your wireless carrier and request they shut down the service temporarily.
Identity Theft Risk
The Police are warning citizens that smartphone theft and identity theft go hand in hand, and the increasing rate of smartphone robberies are not just for re-selling an expensive device on the black market. Petty thieves take stolen devices to hackers, unlock personal information they can then sell online for as much as $300. The next thing you know you owe a couple of million dollars to some bank in your name and you have to prove you are not entitled to it.
It does not feel good having your nude images exposed to whoever finds your smartphone
If you have ever lost your smartphone in a subway, or café, you must recognize the aching feeling in your stomach. It does not feel good to realize you had your private photos, credit card numbers, passwords to emails containing the information about you that can be used against you – unprotected. It is like walking naked along a drug ghetto in the middle of the night – you are asking for trouble. So, the best advice here is to sober up and treat your smartphone seriously.
You may want to watch the movie “Disconnected” to see a small fraction of what happens in case of identity theft or social accounts abuse.