Friday, July 24, 2009

How Losing Your Phone Could Cost You

Today’s mobile phones store a whole lot of your personal information. Here’s what you need to do to protect the data on your phone...

A lost or stolen smartphone is more than just an inconvenience.It can lead to identity fraud or corporate espionage,and even compromise the integrity of your medical records.In March, Connecticut-based security vendor Credent Technologies reported that 80 percent of users store on their phones information needed for identity fraud. Based on a survey of 600 commuters in London railway stations, the study also found that 24 percent of cell phone owners store PINs and passwords on a handset, 11 percent store personal identification info, and 10 percent store credit card numbers. If your mobile phone is stolen, the thief can do a reverse lookup of your cell number to obtain your name and address. That and a stored credit card number can lead to “account takeover,” where the thief changes an existing account’s billing address. And unless your card issuer calls you, the absence of your monthly statement might go unnoticed. With such info, a thief could also open new accounts using your name. As you often wouldn’t know these accounts are being opened, this problem can take much longer to resolve. And if you use your phone to access e-mail, a thief might too.

Put Your Phone on Lockdown

The best way to keep your e-mail accounts secure is to lock your mobile phone when you’re not using it—a password lock, that is. (The Credent survey found that some 40 percent of users didn’t employ a password to lock their phones.) For the iPhone, arguably the most popular mobile phone today, you’ll want to combine Auto-Lock, enabled by default to turn off the screen-based keypad after a preset amount of time, with Passcode Lock, to turn the phone on manually. To enable the latter, tap Settings, then General, then Passcode Lock. Tap Turn Passcode On, and then enter a secure password. For other phones, check the tools or settings section. Samsung’s Mobile Tracker feature silently sends two text messages to numbers programmed in by the phone’s rightful owner as soon as the SIM gets swapped. The text messages contain the new SIM’s phone number, so even if you lost your phone, you can hound the thief till he gets a new number and another new number and so on....

Protect Company Info

Many people also use mobile phones for remote access to their workplaces. Since nearly half of mobile phone users don’t lock or otherwise restrict access, thieves may use such a vulnerable stolen phone to gain access to an employer’s internal network.

Security vendors such as Lumension now offer businesses an application Click ME that allows your employer to lock a lost phone or erase sensitive data remotely (currently available only for Windows Mobile); for the iPhone, Apple has a remote-wipe feature .Another step to protect stored data is to disable Bluetooth. Although it’s a short-range signal, some malware uses Bluetooth to suck data from your phone surreptitiously. Also, while most mobile phones use cellular connections to access the Internet, the iPhone has a Wi-Fi option for faster, high-bandwidth applications like streaming video. That opens up the possibility of connecting to rogue Wi-Fi networks full of keylogging malware.
To turn off Wi-Fi or set a prompt for each new connection, touch iPhone Settings• Wi-Fi; then select accordingly.

Stop Mobile Bank Heists

Have you recently started using mobile banking? The good news is that generally no personal banking data—such as your account information—is kept on the phone itself. However, a criminal can still use your phone to access your bank accounts directly.

Mobile banking sessions occur in one of three ways: You download an app to your phone; the bank exchanges encrypted SMS messages with your phone; or the bank uses your phone’s mobile browser to show account information.

In any case, notify your bank—shortly after you notify your cellular carrier—of any lost or stolen phone. If the bank uses a client-side application, it can remotely disable it. If the bank uses the interchange of SMS or a mobile browser connection, its device ID service can block contact from the stolen phone.

Protect or Detect

A host of third party software is available that will not only protect your data, it will ensure that the mobile thief will never enjoy his newest heist. These include PhoneBAK Mobilephone, Guardian 2.1, Gadget Trak and WIMP. These software send out SMSes using the thief ’s SIM card to pre-defined numbers, that contain IMEI, IMSI*, Area Code and Cell ID*.You can also
get the phone’s GPS location (if your phone has internal GPS) and wipe out sensitive personal data stored on the device and media card.