Mobile Device Theft : How They Get Into Your Locked Phone And What You Can Do

Everybody hates losing things. It drives you mad looking in the same places thinking a magic gnome will put your item back. Usually that doesn’t happen. Especially when it’s a highly desired product such as a mobile device. Mobile devices are becoming a leading target for theft since they can carry as much sensitive data as a standard laptop. Hackers can steal your photos, instant messages and web history. Some mobile app leverage cookies that never expire meaning hackers could essentially access sensitive websites such as your bank account through replaying old sessions.

How are these types of hacks executed? For iOS products, a hacker could take your device, spend 10 minutes jailbreaking it so they can install a remote Trojan / Administration app before returning it. This would permit the hacker unlimited continuous access into your life. Another option is dumping the records on their computer to go through later and selling the hardware on ebay. Either way, you have been PWN3D and possible put your employer as well as family at risk of future attacks.

These are just some of the methods used if your device is stolen. See this post regarding an attack calling your phone and remotely hacking your voicemail HERE

There are things you can do to defend against mobile device theft outside not misplacing your phone. Most manufactures offer password protection as well as limiting information exposed pre-login (IE not displaying text messages or other alerts until the phone is unlocked). Enable password features and stay away from easy passwords such as a row of numbers (1234) or the same number (4444). Some devices offer more complex password options than PINs which is great if available. Shorten the sleep/auto lock timer so the window your device is unlocked is limited in the event its stolen. When you are not using your device, press the lock button. Many mobile device screens absorb fingerprints after use, which make it easy for hackers to guess your password. Consider a protection screen that includes fingerprint resistants. Some devices offer location and remote wiping services that can be used to locate and secure lost or stolen devices. Also make sure to notify your employer if a device containing cooperate email or other sensitive services is stolen.

Employers should take securing mobile devices accessing cooperate data very seriously. Some approaches to improve mobile device security are utilizing endpoint management products such as Mobile Iron or Zenprise to enable features described above as well as check for Jailbroken devices (More info on this subject can be found HERE). Employees may not be willing to apply security applications on their mobile devices, which IT could focus on protecting the network as well as data that rests on mobile devices as an alternative to MDM (mobile device management). Some examples are using access control technology to check if mobile device meets company standards before permitting access. Other options are leveraging Data Loss Prevention (DLP) technology, which stops sensitive data from moving to a mobile device or encrypting that data with additional authentication to access. Sandbox solutions are an alternative by locking down the data in a secure session that expires after use (example is Good Technology). Another important function to consider is enforcing VPN tunnels whenever a mobile device accesses data outside of the internal network. This protects against common man in the middle attacks targeted at mobile devices using open wireless networks.

The good news for employers is there are many options for securing mobile devices and the data they use. The investment in mobile security should at a minimal match securing other devices with sensitive data such as laptops and servers. Don’t let mobile devices be the weakest link into your network!

VN:F [1.9.22_1171]
Rating: 3.5/5 (4 votes cast)
Mobile Device Theft : How They Get Into Your Locked Phone And What You Can Do, 3.5 out of 5 based on 4 ratings

3 thoughts on “Mobile Device Theft : How They Get Into Your Locked Phone And What You Can Do”

  1. In addition to setting a passcode and timeouts you failed to mention “Find My iPhone”.

    This is a free tool provided by Apple. You enable “Find My iPhone” which can be turned on as part of Apple’s free iCloud service. (You don’t need to turn on all the other features – you can just enable “Find My iPhone” if you want.)

    Once you turn this on, you (as an individual) can locate your device, wipe, lock, or play a very loud sound (great for a “temporary” lost device in your house!). You don’t have to use your Apple ID for this – you can set up a separate ID. This is useful for families who can share a single access ID, and enable all devices together.

    By the way, using “Find my iPhone” works in conjunction with corporate MDM systems that may also provide overlapping functionality. However, rather than having to call “the IT department” you have control over your own device!

    Newer business “in house” apps also are written to avoid the use of VPN, which is challenging to set up and sometimes slow to use. Alternative approaches to MDM include MAM (mobile application management) solutions provided by companies such as Apperian which protect corporate apps and data, but without the central control required by MDM.

    VA:F [1.9.22_1171]
    Rating: 2.0/5 (1 vote cast)
  2. In addition, to Mr. Buser’s comments. Android also has a similar apps in the marketplace which also work similar to the “Find My iPhone.” It could be of use to those not using Apple smartphones.

    VA:F [1.9.22_1171]
    Rating: 5.0/5 (1 vote cast)

Leave a Reply

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.