With all of the hacking that has happening recently with mobile phones; Scott Wright a research and security coach was hired by none other than Symantec to conduct an experiment with mobile phones. The experiment placed smartphones in areas with a high population (read big cities) and researched exactly what happened with the “lost smartphones”. The results might make you reconsider leaving your phone on the table somewhere. The basic premise of the experiment was this : What will be happens to your smartphone if you lose it?
There were a few different things that were measured in this small experiment (50 phones). They measured whether the phone was accessed, what was accessed, whether they were returned and whether corporate email was accessed. The experiment was conducted in Los Angeles, DC, New York City, Ottawa, and San Fransisco. The phones were left in fairly public areas such as food courts, elevators, taxi cabs, malls, and bus stops.
Out of the 50 phones that were left here were the results
- 48 phones were accessed by their finders
- 45 phones were accessed for personal data or apps
- 42 phones were accessed for corporate data or apps
- 23 phones had their corporate email accessed
- 35 phones were accessed for both personal and corporate data
- 25 phones were returned by finding the owner in the address book
- 26 phones had their “HR Salaries” file accessed
- 20 phones had their “HR Cases” file accessed
- 24 phones had their “Remote Admin” app used
- 36 phones had their photos browsed
- 21 phones had their online banking app used
- 30 phones had their social networking apps used
- 28 phones had their “saved passwords” app used
Numbers like that make you reconsider leaving your phone unlocked without a password. If you had any personal information that was on the phone 90% of people would see what you have , compared to only 50% of them being returned to the owner. To me that is sickening, and is one of the main reasons my phone does not leave the confines of my pocket.
Just think of the things that could hypothetically be found on an upper level manager’s phone if he left it sitting somewhere and it was picked up. Most of the time corporate devices are locked down due to BES restrictions but there is the chance that it could happen on a less secure device.
Scott has done quite an extensive write up based on what he found during the experiment and you can find the complete report here.