Prepare for and respond to a lost or stolen smartphone
San Francisco District Attorney George Gascon accuses phone companies of profiting from stolen phones, as Michael Scherer reported last month on Time's Swampland site. Gascon is one of several leading law-enforcement officials calling for carriers to be required to implement technology that permanently deactivates stolen phones. It is simply too easy for thieves to resell smartphones.
One year ago, the major cellphone services announced via the CTIA Wireless Association plans to create a database "designed to prevent GSM smartphones reported as stolen from being activated or provided service." The database was pledged to be operating by October 31, 2012.
The U.S. carriers also promised to "create a common database for LTE smartphones designed to prevent smartphones that are reported stolen by consumers from being activated or provided service on any LTE network in the U.S. and on appropriate international LTE stolen mobile smartphone databases. This database will be completed by November 30, 2013," according to the CTIA.
By the end of this month the companies promised to instruct their customers when they buy a phone or soon thereafter on how to apply a password to the phones to prevent unauthorized access. The cell providers also pledged to "[e]ducate consumers about applications to remotely lock/locate/erase data from smartphones" by the same date.
All four of the programs are "voluntary commitments." All but the creation of the stolen-phone database rely on phone users to activate screen locks, install remote lock/locate/erase apps, and report lost and stolen phones. On December 28, 2012, the CTIA released its most-recent progress report for each of its members (PDF).
The carriers now share their stolen-phone databases, but the companies' approach to theft prevention still relies on their customers. Until that changes, the only way to stem the tsunami of smartphone thefts is for users to change their behavior, before and after the phone goes AWOL.
Step one-and-a-half: Set a passcode for your phone
If you think some benevolent person who finds your lost phone will access its information only to determine the rightful owner so it can be returned, think again. In March 2012, security firm Symantec joined with Security Perspectives Inc. to purposely lose 50 smartphones and then tracked what happened next. As Kevin Haley reports on the Symantec blog, 96 percent of the time the person who found the phone viewed its data.
The Symantec Smartphone Honey Stick Project (PDF) reports that 60 percent of the finders attempted to access social media information and e-mail on the phones, which had been set up with simulated personal and corporate data. Eighty percent of the finders tried to open the corporate files stored on the phones, which had labels such as "HR Salaries" and "HR Cases."
In a post from last September, I explained how to prevent phone and tablet theft. That tip focused on iPhones and iPads; a follow-up post explained how to lock down and find Android and Windows phones. Both posts include the steps for enabling your phone's passcode feature.
But the single most important preventive measure -- even more important than using a passcode -- is to be aware of your surroundings. People become so wrapped up in whatever is on their phone's screen that they tend not to notice trouble approaching. Since thieves consider your smartphone their personal ATM, maybe you should treat the device like cash. That means keep it out of sight, don't leave it unattended, and don't lend it to strangers who just need to make a quick call to make sure their grandmother is OK.
Are automated cellphone-purchasing kiosks making things worse?
Cellphone theft is an international problem. Washington, D.C., Police Chief Cathy Lanier recently accused businesses of facilitating the sale of stolen phones overseas, as reported by the Washington Post in February.
According to the Washington Post's Cecilia Kang, the Washington, D.C., police recently found six phones stolen from residents of the District in an ecoATM automated cellphone-purchasing kiosk located in the suburbs.
Debbi Baker reported last week on the U-T San Diego site that a woman whose iPhone was stolen while she was shopping used the free Find My iPhone app to locate the device in an ecoATM at a nearby mall.
Baker quotes El Cajon, Calif., police Lt. Jeff Arvan as applauding ecoATM's willingness to work with law-enforcement agencies to deter the resale of stolen phones, but Arvan points out that criminals don't worry much about anticrime procedures.
EmoticonEmoticon