Anyone who has left a phone behind at a bus stop or bar recognizes the feeling of leaving your life's story opened up to the juiciest page. Everything stored in a phone—pictures, contacts, social network and banking accounts—is fair game for a stranger with fraudulent intentions. The phone's owner may never know what's been used and viewed, even after being returned...until now.
As part of The Symantec Smartphone Honey Stick Project, researchers intentionally "lost" 50 smartphones around New York City, Washington D.C., Los Angeles, San Francisco, and Ottawa, Canada. The phones were left unattended in public areas—elevators, malls, public transit stops and food courts—and equipped with a collection of simulated personal and professional data, plus tracking and monitoring software that logged the phone's finder's actions. No security features or passcodes were enabled on any of the devices; researchers wanted to observe what happens when a stranger finds a phone without any barriers between the finder and the apps or information on each device.
What Do Phone Finders Do and Look For?
Symantec's report details a lot about what people do when they pick up a stranger's smartphone, but here are the most interesting stats collected from the 50 "lost" phones:
- An attempt was made to access at least one of the various apps or files on nearly all—96%—of the devices. Of course, some of those access attempts could have been made in order to discover information about the phone's rightful owner, but...
- Of the 50 devices, the owner only received 25 offers to help, despite the fact that the owner’s phone number and email address were clearly marked in the contacts app.
- 89% of devices were accessed for personal related apps and information, and 83% of devices were accessed for corporate related apps and information.
- Attempts to access a private photos app occurred on 72% of the devices.
- An attempt to access an online banking app was observed on 43% of the devices.
- Access to social networking accounts and personal email were each attempted on over 60% of the devices.
- A “Saved Passwords” file was accessed from 57% of the phones.
- The most popular apps accessed were, in order: Contacts, Private Pictures, Social Networking, Webmail, and Passwords.
- There was an average time of 10.2 hours before an access attempt was made; with a median time of 59 minutes (based on actual access attempts).
What Can You Do to Protect Yourself?
Don't lose your phone.
You're carrying around a tiny computer with details about your life, family, money and job, treat it thusly. Never leave a phone unattended and be mindful of where it is at all times. And keep your phone from getting mixed up with the myriad of other white iPhones by adding a unique case or other idetnifier.
Set a password.
Use your phone's screen lock feature and make sure it's secured with a strrong password or passcode. It's simple to set up, less intrusive than you think, and is the easiest way to keep your data and information safe from prying eyes. If you're worried about a good samaritan finding your phone and not knowing where to return it, enable a feature or app like Find my iPhone, which lets you push a text to the lock screen with your contact information. Or go old school and set your lock screen background to a photo of your contact details.
The finders in the study took an average of one to 10 hours to attempt to access the phones from when they were lost. If your phone was lost or left behind, move fast to change social and banking passwords or remotely erase data (if its an option) before would-be fraudsters can get to them.