Mobile
News
3/14/2012
10:18 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Lose Your Smartphone? Finders Will Snoop Through It

Symantec study says nearly everyone who finds a lost smartphone will poke through its contents.

MWC: Waterproof Your Phones, Tablets, Laptops
MWC: Waterproof Your Phones, Tablets, Laptops
(click image for larger view and for slideshow)
If there's a silver lining revealed by Symantec's latest security study, it's that about 50% of those who find a lost smartphone will attempt to contact the owner to return it. But that's pretty much where the good news ends.

Symantec recently published the results of what it called the Honey Stick Project. Symantec took 50 smartphones and loaded them with a collection of simulated corporate and personal data. Symantec also made sure it could track the location of the lost devices, as well as monitor what happened to them once they were found. The data collected for apps on each device included the device's ID, the names of the applications accessed, and what time each app was accessed.

According to Symantec, the devices were not password-locked and had easily accessible owner information (phone number, email address, etc.). The goal of the study was to assess what typically happens when a person comes across a lost smartphone.

The 50 smartphones were sprinkled at random public locations around New York City, Washington D.C., Los Angeles, San Francisco, and Ottawa. Symantec said it picked highly trafficked areas, such as elevators, malls, food courts, and public transit stops. Then Symantec sat back to watch what happened. You might want to sit down before you read the results.

[ Letting employees use their own devices at work has its advantages, but security must be managed. Read more at 3 Bring Your Own Device Risks For SMBs. ]

First, 96% of the lost smartphones were accessed by those who found them. What were those people looking for? Well, 89% of the device finders accessed personal data, 83% accessed corporate data, and 70% accessed both personal and corporate data. Only 50% of those who found the lost smartphones contacted the owner about returning the device -- but not until they accessed the owner's personal and corporate data.

Attempts to access a private photo app occurred on 72% of the devices, attempts to access an online banking app was observed on 43% of the devices, and attempts to access social networking accounts and personal email took place on over 60% of the devices.

Symantec also put some juicy files on each device, such as HR Salaries, HR Cases, and Saved Passwords. The HR Salaries file was accessed on 53% of the phones, the HR Cases file was accessed on 40% of the devices, and the Saved Passwords file was accessed on 57% of the phones.

Here's the real scary part: 66% of the devices recorded attempts to reset the device password.

There are a lot of interesting data points here for enterprise IT folks to consider. Lost smartphones pose a real threat to corporate security. The easiest way to forestall the breaches described above is to require passwords to unlock the smartphone. Even a four-digit PIN will deter most who stumble on a lost device. Sure, savvier people might be able to bypass a PIN, but almost any normal password (mix of upper/lower case letters with numbers) will prevent corporate and personal data from falling into the wrong hands.

Take device security seriously, people!

InformationWeek is conducting a survey to determine the types of measures and policies IT is taking to ensure the security of the full range of mobile assets on cellular, Wi-Fi, and other wireless technologies. Upon completion of our survey, you will be eligible to enter a drawing to receive an 32-GB Apple iPod Touch. Take our Mobile Security Survey now. Survey ends March 16.

Comment  | 
Print  | 
More Insights
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.