A reporter at New Scientist handed over some borrowed cellphones and her own mobile device to “DiskLabs, a company that handles cellphone forensic analysis for UK police forces, but also for private companies and individuals snooping on suspect employees or wayward spouses.” She wanted to learn how much personal data can be gathered from cellphones and SIM cards.
A decade ago, our phones’ memories could just about handle text messages and a contacts book. These days, the latest smartphones incorporate GPS, Wi-Fi connectivity and motion sensors. They automatically download your emails and appointments from your office computer, and come with the ability to track other individuals in your immediate vicinity. And there’s a lot more to come. Among other things, you could be using the next generation of phones to keep tabs on your health, store cash and make small transactions – something that’s already happening in east Asia (see “Future phones”). […]
These changes could well be exploited in much the same way that email and the internet can be used to “phish” for personal information such as bank details. Indeed, some phone-related scams are already emerging, including one that uses reprogrammed cellphones to intercept passwords for other people’s online bank accounts. […]
According to the UK government’s Design and Technology Alliance Against Crime (DTAAC), 80 per cent of us carry information on our handsets that could be used to commit fraud – and about 16 per cent of us keep our bank details on our phones. […]
When [Neil Buck, a senior analyst at DiskLabs,] looked at my colleague’s iPhone, he found two 4-digit numbers stored in his address book under the names “M” and “V”. A search through his text messages revealed a few from Virgin informing him that a new credit card, ending in a specific number, had just been mailed to him. Buck guessed that “M” and “V” were PIN codes for the Virgin credit card and a Mastercard — and he proved to be correct on both counts. […]
So how can people go about making their phones more secure? Turning on the security settings is an important first step, says [Joe McGeehan, head of Toshiba’s research lab in Europe and leader of DTAAC’s Design Out Crime project], as this may dissuade potential thieves from going to the effort of trying to crack the codes. Then make sure you delete anything you want to keep secret, while bearing in mind that it is often possible to recover it (see “Phone security Q & A”). “I work on the basis that anything I put on there I’ve got to be prepared for people to see,” says McGeehan.