Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

5/8/2014
04:40 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

1 In 10 US Smartphone Users Victims of Theft

And 10 percent of smartphone loss and theft victims lose confidential business information with their stolen devices.

Smartphone theft is serious business in the US these days and even more worrisome with the BYOD boom in the business world. A new study finds that one in ten smartphone users are victims of device theft, and only 30 percent actually get their stolen smartphones back.

The greatest number of thefts happen when a smartphone user inadvertently leaves his phone in a public place (44 percent). Restaurants are the most common places where that occurs (16 percent), followed by a burglarized car or house (14 percent), a bar or nightclub (11 percent), work (11 percent), public transportation (6 percent), and on the street (5 percent). Some 40 percent of victims say their smartphones were stolen between lunchtime and close of business, noon to 5:00 p.m., and it took them on average one hour to realize the device was missing.

The bad news for enterprises is that 10 percent of smartphone loss and theft victims lost confidential business information with the device, according to mobile security provider Lookout's "Phone Theft in America" report, which gathered information from 2,000 smartphone theft victims in the US, UK, France, and Germany.

Some 12 percent of victims were hit with fraudulent charges on their stolen smartphones, and 9 percent, identity theft. Nearly half report time and productivity loss in the wake of the phone theft. Around 90 percent say they tried to reclaim their phones, with 60 percent of those filing police reports.

Interestingly, the majority are willing to go all vigilante in order to retrieve their phones -- 70 percent say they would even put themselves in physical danger if that's what it took to get their phones back. Others would pay a ransom, with one in three phone victims saying they would shell out $1,000 or more to retrieve the sensitive data on their phones, while half of them would pay $500.

Alicia DiVittorio, director of security communications at Lookout, says the key to protecting smartphones from theft is having a passcode, a find-my-phone app, and to remain vigilant about the phone's whereabouts. iPhones and Androids are most commonly targets, with 39 percent of victims reporting stolen iPhones and 33 percent, stolen Androids.

A major risk is when a smartphone that's set up as a second factor of authentication gets stolen. "The value of the data, whether it's personal or corporate, data on smartphones these days is well over the value of the actual smartphone. From a security perspective, the danger of a lost or stolen phone is that it may give savvy criminals access to your work resources with an unprotected smartphone," says Ralph Logan, CEO of big-data analysis firm Kiku Software. "If a thief has access to your phone -- and it is the second factor of authentication -- then they hold the keys to the corporate network at your access level."

Logan should know: His iPhone 5 was pilfered from his coat pocket last fall while at a pub in Dublin. He had locked his device with "Find My iPhone" enabled, so he messaged the phone in hopes someone would return it. Weeks later, he received a message via Twitter from a man saying he had found the phone and would return it to Logan if he provided his Apple ID and password, a list of five contact numbers on the phone, and his full name, phone number, and address.

The Apple ID and password request was a dead giveaway that the scammer was trying to make a buck off of the stolen iPhone: Those credentials were required to reinstall iOS on the locked iPhone. So Logan decided to turn the tables on the scammer, and was able to find out the scammer's real name, real email address, his girlfriend's name, and his brother's name. So when the scammer, who went by "Lee," contacted Logan once again, he let him have it and told him he knew his real identity and that he had the stolen iPhone. He gave "Lee" an ultimatum to drop off the phone at a Dublin office, which was poised to ship the phone back to Logan. The plan worked.

But not all smartphone theft victims are security experts like Logan. Others must rely on law enforcement and their phone-tracing apps. Take Robert Thompson, an Orlando, Fla., restaurant and nightclub designer who last summer was held up at gunpoint for his cash, ID, and Android HTC1 while doing some woodworking behind a restaurant. "He held a gun to my head," says Thompson, who was one of seven different victims hit in a crime spree across a 15-mile radius over a couple of days in late July.

Thompson had synched his phone and computer, so he quickly logged onto his laptop -- which was safely sitting inside the restaurant -- and ran his missing device Locate app from Lookout: "I watched my phone go down the highway," he says of the thief's getaway. He had in the meantime called the police, who were able to locate the thief via the information Thompson provided from the smartphone tracker and make an arrest within minutes. They also later arrested other members of the crime gang, which also had staged a home invasion and stolen a car, money, and smartphones from their victims.

The full Lookout report is available here for download.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Bprince
50%
50%
Bprince,
User Rank: Ninja
5/9/2014 | 2:39:12 AM
Losing your phone
The most mind blowing stat to me - someone would pay $1,000 for their phone back. Really? Also, I wonder where the liability lies when people lose work-supplied phones. Does your company make you pay the full amount for the phone?

BP

 
<<   <   Page 2 / 2
Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21574
PUBLISHED: 2021-06-24
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.
CVE-2021-32708
PUBLISHED: 2021-06-24
Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the pa...
CVE-2020-18667
PUBLISHED: 2021-06-24
SQL Injection vulnerability in WebPort &lt;=1.19.1 via the new connection, parameter name in type-conn.
CVE-2021-21571
PUBLISHED: 2021-06-24
Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and p...
CVE-2021-21572
PUBLISHED: 2021-06-24
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.