Mobile
5/8/2014
04:40 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

1 In 10 US Smartphone Users Victims of Theft

And 10 percent of smartphone loss and theft victims lose confidential business information with their stolen devices.

Smartphone theft is serious business in the US these days and even more worrisome with the BYOD boom in the business world. A new study finds that one in ten smartphone users are victims of device theft, and only 30 percent actually get their stolen smartphones back.

The greatest number of thefts happen when a smartphone user inadvertently leaves his phone in a public place (44 percent). Restaurants are the most common places where that occurs (16 percent), followed by a burglarized car or house (14 percent), a bar or nightclub (11 percent), work (11 percent), public transportation (6 percent), and on the street (5 percent). Some 40 percent of victims say their smartphones were stolen between lunchtime and close of business, noon to 5:00 p.m., and it took them on average one hour to realize the device was missing.

The bad news for enterprises is that 10 percent of smartphone loss and theft victims lost confidential business information with the device, according to mobile security provider Lookout's "Phone Theft in America" report, which gathered information from 2,000 smartphone theft victims in the US, UK, France, and Germany.

Some 12 percent of victims were hit with fraudulent charges on their stolen smartphones, and 9 percent, identity theft. Nearly half report time and productivity loss in the wake of the phone theft. Around 90 percent say they tried to reclaim their phones, with 60 percent of those filing police reports.

Interestingly, the majority are willing to go all vigilante in order to retrieve their phones -- 70 percent say they would even put themselves in physical danger if that's what it took to get their phones back. Others would pay a ransom, with one in three phone victims saying they would shell out $1,000 or more to retrieve the sensitive data on their phones, while half of them would pay $500.

Alicia DiVittorio, director of security communications at Lookout, says the key to protecting smartphones from theft is having a passcode, a find-my-phone app, and to remain vigilant about the phone's whereabouts. iPhones and Androids are most commonly targets, with 39 percent of victims reporting stolen iPhones and 33 percent, stolen Androids.

A major risk is when a smartphone that's set up as a second factor of authentication gets stolen. "The value of the data, whether it's personal or corporate, data on smartphones these days is well over the value of the actual smartphone. From a security perspective, the danger of a lost or stolen phone is that it may give savvy criminals access to your work resources with an unprotected smartphone," says Ralph Logan, CEO of big-data analysis firm Kiku Software. "If a thief has access to your phone -- and it is the second factor of authentication -- then they hold the keys to the corporate network at your access level."

Logan should know: His iPhone 5 was pilfered from his coat pocket last fall while at a pub in Dublin. He had locked his device with "Find My iPhone" enabled, so he messaged the phone in hopes someone would return it. Weeks later, he received a message via Twitter from a man saying he had found the phone and would return it to Logan if he provided his Apple ID and password, a list of five contact numbers on the phone, and his full name, phone number, and address.

The Apple ID and password request was a dead giveaway that the scammer was trying to make a buck off of the stolen iPhone: Those credentials were required to reinstall iOS on the locked iPhone. So Logan decided to turn the tables on the scammer, and was able to find out the scammer's real name, real email address, his girlfriend's name, and his brother's name. So when the scammer, who went by "Lee," contacted Logan once again, he let him have it and told him he knew his real identity and that he had the stolen iPhone. He gave "Lee" an ultimatum to drop off the phone at a Dublin office, which was poised to ship the phone back to Logan. The plan worked.

But not all smartphone theft victims are security experts like Logan. Others must rely on law enforcement and their phone-tracing apps. Take Robert Thompson, an Orlando, Fla., restaurant and nightclub designer who last summer was held up at gunpoint for his cash, ID, and Android HTC1 while doing some woodworking behind a restaurant. "He held a gun to my head," says Thompson, who was one of seven different victims hit in a crime spree across a 15-mile radius over a couple of days in late July.

Thompson had synched his phone and computer, so he quickly logged onto his laptop -- which was safely sitting inside the restaurant -- and ran his missing device Locate app from Lookout: "I watched my phone go down the highway," he says of the thief's getaway. He had in the meantime called the police, who were able to locate the thief via the information Thompson provided from the smartphone tracker and make an arrest within minutes. They also later arrested other members of the crime gang, which also had staged a home invasion and stolen a car, money, and smartphones from their victims.

The full Lookout report is available here for download.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Jeffrub1
50%
50%
Jeffrub1,
User Rank: Apprentice
5/13/2014 | 8:53:48 PM
The proposed "Kill Switch" in California
I'm surprised that the national theft rate is actually that low! Here in my hometown of San Francisco, law enforcement authorities say that 2/3 of all thefts are smartphones (replacing laptops and bicycles on the "most stolen" leader board). This highly opportunistic crime epidemic (which is often accompanied by violence) has grown large enough statewide that California's Senate just passed legislation (SB962) requiring all new cellphones to have anti-theft technology – a kill switch – that wipes and permanently disables the device in the hopes that widespread adoption will spoil the theft incentive.  How much this law would help secure corporate information compromised in stolen BYOD phones is unclear, but it certainly won't have an effect for a little longer since it still requires Assembly approval. But my guess is that it's just a matter of time before it's the standard. A question though, is whether hackers will quickly find workarounds, or worse still, find ways to obliterate broad numbers of phones remotely?
Randy Naramore
0%
100%
Randy Naramore,
User Rank: Ninja
5/12/2014 | 10:41:44 AM
Re: second factor risk?
Exactly, not sure the answer but the device is essentially a paper weight at this point. Encryption and multi-factor are the way to go to secure mobile devices.
MrTibbs
50%
50%
MrTibbs,
User Rank: Apprentice
5/12/2014 | 10:19:33 AM
second factor risk?
Why is it a "major risk is when a smartphone that's set up as a second factor of authentication gets stolen"?

The thief won't know the first factor (username/password). And if the device has encrypted storage and a lock screen, that should thwart them even more.

 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/9/2014 | 4:12:18 PM
Re: Losing your phone
Good point. In my own case, my cell phone is for work and play -- and I pay for the insurance. So I'm covered...
Randy Naramore
0%
100%
Randy Naramore,
User Rank: Ninja
5/9/2014 | 4:03:47 PM
Re: Losing your phone
Exactly, but might be easier to get some kind of supplemental coverage so you are not responsible for the whole thing. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/9/2014 | 3:45:50 PM
Re: Losing your phone
It is like ransom but it makes me wonder how prevalent it is for corporate America to hold individual employees totally responsible when their company-owned devices get stolen. Seems like the company should buy the insurance....
Randy Naramore
50%
50%
Randy Naramore,
User Rank: Ninja
5/9/2014 | 3:31:59 PM
Re: Losing your phone
There are a couple different ways of looking at this, first it is the data you want back, back up the data peridically and then have the ability to wipe remotely. Secondly, get the insurance from your carrier and get it replaced. You would be out of pocket some but not $800.00. This is almost like ransom.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/9/2014 | 9:29:10 AM
Re: Losing your phone
I have a friend who works for a hospital in L.A. Someone grabbed her work iPhone from her purse while she was walking through a shopping mall. She had to pay $800 (retail) out of her own pocket to replace it 
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
5/9/2014 | 7:27:22 AM
Re: Losing your phone
Agreed, @Bprince. It's like they would pay ransom for their family...photos. 
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
5/9/2014 | 3:55:22 AM
Re: Losing your phone
The data resented are congruent to the current mobile security scenario, we have an increasing number of new malware families designed for mobile platforms and the penetration level of mobile is surpassing the one of desktop PCs.

Wrong habits, poorly designed applications, lack adoption of defense solution and no awareness of principal cyber threats make mobile users very exposed.

That's life ... let's start to think to security by design
Page 1 / 2   >   >>
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
DNS Threats: What Every Enterprise Should Know
Domain Name System exploits could put your data at risk. Here's some advice on how to avoid them.
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Tim Wilson speaks to two experts on vulnerability research – independent consultant Jeremiah Grossman and Black Duck Software’s Mike Pittenger – about the latest wave of vulnerabilities being exploited by online attackers