Who Is Collecting Data about Lost Smartphones?

I was curious about where the data came from for this graphic, so I dug a bit further. Mobile security provider, Lookout, aggregates the information from its 15 million smartphone customers in 170 countries around the world and publishes that aggregated information. (It’s all anonymous.) Most people lose their phones once a year. In some cities (such as New York), people lose their phones twice a year. So, if you want to know where people are most likely to lose their smartphones in Seoul (martial arts Dojo), London (pub), Philadelphia (car repair shop), or Atlanta (your office), you can find out at Lookout’s Mobile Lost and Found.

But most chilling were the results from the Smartphone Honey Stick Project run by Scott Wright’s company, Security Perspectives, in Ottawa and funded and publicized by Symantec. You can access the full report here. Scott did his first “honey stick project” in which he “lost” and tracked what happened to 54 USB memory drives that were configured with special tracking software, 35 of them were picked up and inserted into someone’s Internet-connected PCs and files were opened. In this most recent study, which Scott calls Phase 2, they deployed 50 smartphones with visible apps clearly labeled: mail, private pix, passwords, contacts, online banking, and some apps intended to mimic corporate apps, like HR Salaries, in public places (restaurants, buses, subways, etc.) in New York City, Washington D.C., Los Angeles and the San Francisco Bay Area, and Ottawa. The good news is that 50% of the people who found the phones attempted to return them. Here’s the bad news:

“1. 96 percent of lost smartphones were accessed by the finders of the devices

2. 89 percent of devices were accessed for personal related apps and information

3. 83 percent of devices were accessed for corporate related apps and information

4. 70 percent of devices were accessed for both business and personal related apps and information”

~ Key Findings: Symantec Smartphone Honey Stick Project

The bottom line: The current practice of carrying all the details of our lives around on our phones is quite risky. Companies like Symantec are trying to educate their corporate clients about good security practices for employees’ mobile phones (and provide them tools to wipe corporate data off of a misplaced phone). But a better solution would be to design phones that are more secure and private and very easy to locate, protect and to wipe, so that no prying eyes can retrieve any of our data.

When you travel, you need to be particularly vigilant. For example, most savvy business travelers do not even take their mobile phones or their laptops with them to China. They have learned that there is too much danger of having your phone scanned and all of your data stolen