Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Symantec experiment reveals dangers of stolen phones

Veronica C. Silva | April 2, 2012
Finders of 'lost' phones tried to access data on phones.

Mobile device users have been warned time and again of the dangers should their mobile devices be stolen. To prove these dangers, Symantec has recently revealed the results of its experiment on what really happens to phones if they are stolen.

The Symantec study -- dubbed the Symantec Smartphoney Honey Stick Project -- involving 50 'lost' smartphones revealed that 96 percent of these phones are accessed by finders of the devices.  Symantec explained that this may be due to curiosity, particularly when it comes to accessing personal information. Among the personal data that the finders access on the 'lost' smartphones include social networking, online banking, photos, and "saved passwords."

The study was conducted in four major US cities (New York City, Washington D.C., Los Angeles and the San Francisco Bay Area) and Ottawa, Canada.

Symantec provided the smartphones with simulated corporate and personal data to test what will happen to these data. No security features, such as security software and passwords, were provided for the smartphones before they were left in public, high-traffic areas such as elevators, malls, food courts, public transit stops. Symantec added in the smartphones some capabilities to monitor what happens to the smartphones after they were found. 


The study also noted that when a business-connected mobile device is lost, there is more than an 80 percent chance that there is an attempt to breach the corporate data and/or networks. Examples of corporate information access included corporate e-mail, and files titled "HR Salaries" and "HR Cases".

Symantec said the experiment demonstrates the "high risks" involved if mobile devices are not properly managed. The security company then recommends that companies should set policies on security and data/data management.

"The theft or accidental loss of a smartphone can expose businesses and individuals to loss of any data stored on the device, as well as data residing in corporate systems or cloud applications to which the device might have direct connection," said Lawrence Li, systems engineering manager, Symantec Hong Kong. "Companies and individuals should take all necessary precautions to protect sensitive information from unauthorised access."

Symantec suggests that companies should educate their employees about the risks involved in owning mobile devices. Companies should also take an inventory of mobile devices connected to their network.


Sign up for Computerworld eNewsletters.