TMCnet News

If your smartphone is stolen, what it contains can hurt or protect you [Herald-Times, Bloomington, Ind.]
[December 13, 2012]



(Herald-Times (Bloomington, IN) Via Acquire Media NewsEdge) Dec. 13--The most significant component of smartphone security is keeping your phone from being stolen.

David Blackwell learned that the hard way.

"We were out to eat and somebody snagged it," the Indiana University senior and Bloomington High School South graduate said this week. "I might have been in the bathroom or something, but one minute I had it and the next minute, it was gone."

Blackwell used the best and most important security measure before his iPhone was stolen, however. He had its password or passcode protection turned on, meaning that no amateur could make a call, access information or do anything more than try to resell his phone without the code. Which happened a day later.



And that made the IU senior's second move a smart one as well. "I have a tracking device on my phone, so I just Googled how to use it, and if my phone was ever turned on, it would tell me where it's at," he said.

Blackwell received a mid-afternoon alert, rushed to a local place of business and found his phone there, sold by an unknown customer for what a clerk said was within the $10-$30 range that they pay for used phones -- even ones worth 10 times that price.


The IU football player walked away when the shop offered to sell it back to him. "I just went to the police," he said. "I told them where it was and what my password was, so it made it pretty easy to confirm it was my phone."

Call it a happy ending of sorts. Blackwell got his phone back, but it wasn't working right.

Others aren't so lucky, when hackers extract banking and credit card account numbers and passwords as well as other sensitive information that can lead to the myriad complications of identity theft.

Indiana University information technology experts say smartphone and laptop computer thefts are exploding, with some sources putting the laptop rate at a theft every minute. An estimated 70 million smartphones are stolen every year.

That leads the IT experts to recommend treating your phone like your wallet -- protected at all times in public.

Beyond that, they offer a number of security tips that are easy to use and fairly painless to deal with.

After password or passcode protection, they recommend acquiring or simply turning on encryption software and setting up an automatic or remote data wipe.

Many devices, including popular iPhones, have data encryption devices built in, said IU information security officer Andrew Korty. For devices that don't automatically encrypt data, or turn it into unintelligible code, enabling encryption or buying an inexpensive app is easy, with little downside.

"At one time, I might have said it might slow down certain operations on the device, but nowadays with everything having solid state storage, encryption isn't going to introduce much overhead," Korty said.

The next level of protection is a data wipe -- virtually erasing the information on your smartphone so that even a good hacker can't get the passwords you've saved or used -- or the important business information your employer would not want to see compromised or shared.

Many phones have a wipe program a person can turn on that will trigger a data wipe based on a set number of incorrect password tries. After 10, 20 or whatever number of attempts the phone owner establishes as the limit, the phone automatically erases all data. It sounds harsh, but Korty made a compelling point.

"If you lose your phone, you're going to lose that data, anyway, right?" he said. "That's why you need to back up your phone (either on a computer hard drive or cloud service)."

The only downside to that, said Eric Cosens, IU deputy information officer, is the inadvertent erasure of information. "Let's say you have a family and little Johnny gets your phone and starts pounding on the phone and entering the wrong passcode multiple times," he said. "It can happen."

Remote data wiping is available as well. Through that measure, the phone owner uses either an app or a service to trigger an immediate remote data wipe when the owner fears that the phone is likely stolen.

Another tip is to be certain that wireless Bluetooth detection is not in "discoverable" mode. On some smartphones, people can forget to switch out of the mode, which enables anyone in close proximity, say, within a coffeehouse, to tap into your phone wirelessly.

A mistake some make, too, is to "jailbreak" their phone, which is essentially hacking or overriding security on your own phone to get around issues you don't like, such as Apple's much-derided maps feature or AT&T's infamous block on "tethering."

"You couldn't set up your phone as a hot spot and connect your computer to it where there wasn't wi-fi," Korty explained. "A lot of people learned how to jailbreak their phone to get around that, but the problem is that they didn't realize they were turning off a whole lot of other security by doing it. It's basically turning your phone into an unprotected general purpose computer -- not a good idea."

AT&T now allows tethering on some of its data plans.

And then there is the issue of password strength and security on smartphones and computers. "There is a tendency to do security in a weaker way on a smartphone than a computer because it's maybe harder to type in a strong passphrase on your phone than a computer. And that's exactly backwards," Korty said. "The phone is easier to steal. It's more exposed than your desktop computer. If anything, you want to use longer, stronger passphrases on our phones."

Making the problem worse is the fact that many people, despite universal advice to the contrary, not only don't use strong passphrases with upper and lower case letters and numerals -- they tend to use the same easy-to-remember passwords or passphrases for several banking, credit card and other accounts. That means one stolen passphrase or password can give a thief access to multiple accounts.

Korty said that contrary to what some people say, it's not stupid to write down complicated individual passwords that you're not likely to remember. "It's what you do with what you write down," Korty said. "Treat the information like you treat your money or your credit cards. Protect it at all times."

An easy way to have it both ways is to use an encrypted app or secure cloud service to store all of your passwords, he said. "The great thing is, you can store all of your passwords and phrases in one spot and have access at any time. There's one called 1Password that's an app. And another popular one is LastPass, which has a service-based fee. They both work great and you'll never have to worry about forgetting a password or having it stolen."

IU personnel and the general public can read security tips and "how-to's" by searching for IU Mobile and then Mobile Device Security, and also by searching for IU Technology Services' Knowledge Base.

___ (c)2012 the Herald-Times (Bloomington, Ind.) Visit the Herald-Times (Bloomington, Ind.) at www.heraldtimesonline.com Distributed by MCT Information Services
