Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
1 In 10 US Smartphone Users Victims of Theft
Threaded  |  Newest First  |  Oldest First
Bprince
50%
50%
Bprince,
User Rank: Ninja
5/9/2014 | 2:39:12 AM
Losing your phone
The most mind blowing stat to me - someone would pay $1,000 for their phone back. Really? Also, I wonder where the liability lies when people lose work-supplied phones. Does your company make you pay the full amount for the phone?

BP

 
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
5/9/2014 | 3:55:22 AM
Re: Losing your phone
The data resented are congruent to the current mobile security scenario, we have an increasing number of new malware families designed for mobile platforms and the penetration level of mobile is surpassing the one of desktop PCs.

Wrong habits, poorly designed applications, lack adoption of defense solution and no awareness of principal cyber threats make mobile users very exposed.

That's life ... let's start to think to security by design
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
5/9/2014 | 7:27:22 AM
Re: Losing your phone
Agreed, @Bprince. It's like they would pay ransom for their family...photos. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/9/2014 | 9:29:10 AM
Re: Losing your phone
I have a friend who works for a hospital in L.A. Someone grabbed her work iPhone from her purse while she was walking through a shopping mall. She had to pay $800 (retail) out of her own pocket to replace it 
Randy Naramore
50%
50%
Randy Naramore,
User Rank: Ninja
5/9/2014 | 3:31:59 PM
Re: Losing your phone
There are a couple different ways of looking at this, first it is the data you want back, back up the data peridically and then have the ability to wipe remotely. Secondly, get the insurance from your carrier and get it replaced. You would be out of pocket some but not $800.00. This is almost like ransom.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/9/2014 | 3:45:50 PM
Re: Losing your phone
It is like ransom but it makes me wonder how prevalent it is for corporate America to hold individual employees totally responsible when their company-owned devices get stolen. Seems like the company should buy the insurance....
Randy Naramore
0%
100%
Randy Naramore,
User Rank: Ninja
5/9/2014 | 4:03:47 PM
Re: Losing your phone
Exactly, but might be easier to get some kind of supplemental coverage so you are not responsible for the whole thing. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/9/2014 | 4:12:18 PM
Re: Losing your phone
Good point. In my own case, my cell phone is for work and play -- and I pay for the insurance. So I'm covered...
MrTibbs
50%
50%
MrTibbs,
User Rank: Apprentice
5/12/2014 | 10:19:33 AM
second factor risk?
Why is it a "major risk is when a smartphone that's set up as a second factor of authentication gets stolen"?

The thief won't know the first factor (username/password). And if the device has encrypted storage and a lock screen, that should thwart them even more.

 
Randy Naramore
0%
100%
Randy Naramore,
User Rank: Ninja
5/12/2014 | 10:41:44 AM
Re: second factor risk?
Exactly, not sure the answer but the device is essentially a paper weight at this point. Encryption and multi-factor are the way to go to secure mobile devices.
Jeffrub1
50%
50%
Jeffrub1,
User Rank: Apprentice
5/13/2014 | 8:53:48 PM
The proposed "Kill Switch" in California
I'm surprised that the national theft rate is actually that low! Here in my hometown of San Francisco, law enforcement authorities say that 2/3 of all thefts are smartphones (replacing laptops and bicycles on the "most stolen" leader board). This highly opportunistic crime epidemic (which is often accompanied by violence) has grown large enough statewide that California's Senate just passed legislation (SB962) requiring all new cellphones to have anti-theft technology – a kill switch – that wipes and permanently disables the device in the hopes that widespread adoption will spoil the theft incentive.  How much this law would help secure corporate information compromised in stolen BYOD phones is unclear, but it certainly won't have an effect for a little longer since it still requires Assembly approval. But my guess is that it's just a matter of time before it's the standard. A question though, is whether hackers will quickly find workarounds, or worse still, find ways to obliterate broad numbers of phones remotely?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37146
PUBLISHED: 2021-09-28
An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted XMLRPC call.
CVE-2021-41534
PUBLISHED: 2021-09-28
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the c...
CVE-2021-41535
PUBLISHED: 2021-09-28
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13771).
CVE-2021-41536
PUBLISHED: 2021-09-28
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13778).
CVE-2021-41537
PUBLISHED: 2021-09-28
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13789).