Sunday, December 25, 2016

The Mobile Phone Is Your Private Property

This morning, when I was on my morning walk, a person came out of a construction site and was requeting me to lend my phone to make a phone call. I was not comfortable lending my phone primarily for three reasons: First he is a stranger to me; Second, he seem to be working in the construction site and he should have sought help from those around in his workplace as they would be more comfortable helping him; Third, my mobile is my private identity and would not want a stranger to use impersonate me. I did not lend my phone on that occasion.

How about you? Would you mind lending your phone for such requests? I understand, the answer will be "it depends." Thank's to "Selfie" feature, seeking help from a stranger to take a snap on the mobile phone is not required any more. Any ways, I thought it would be useful to list out the concerns, so that one can decide how safe is to part with one's smart phone. These apply for stolen / lost mobile phones as well.

Your Phone Contains Sensitive Information

You have your email configured on your mobile and typically, it does not expect you to login every time you use your mail app on your mobile. So lending a phone may allow the stranger gaining access to your emails and depending the duration it remains with such stranger, the impact of such compromise could be larger. Similarly, all your social media accounts do not expect any additional authentication. It is needless to say that what a smart or malicious stranger could do with access to your social media accounts. Exposing all the intimate details of our lives because of a lost, stolen or hacked phone is a serious issue.

Banking / Payment Applications

"There is an App for everything". Yes, every bank and the investment advisors are rolling out their own Apps with pre-stored credentials for the mobile savvy customers. Mobile users, find it convenient to use such an App, without having to login every time. However, the issue of how many such Apps will you install on your mobile phone is an issue to be discussed in a separate blog. For the purpose this blog let us consider the prevailing App culture. Driven by the Digital economy, there are humpteen number of Payment / eWallet Apps out in the store. The user convenience always wins over the security requirements and as such most such Apps doesn't requie a login to initiate a payment. This could be a potential risk one should be aware of and be careful about.

Personal & Corporate Information

If you are working for an organization, it is most likely that you would have setup your corporate email account as well on your smart phone and there you go, you are putting your organization's data / information at risk. Your organization would have a BYOD policy and procedure, stating what precautions you should take on the corporate data that you use or access using your smart phone. If you are an senior level executive, it is likely that you will have access to your organizational applications configured on your mobile. This includes compromise of your or your organization's cloud storage if any configured on the phone.

Illegitimate Calls / Messages

In addition to your device, your mobile phone number (SIM) is very well linked to your identity. As such any calls or message that such a stranger sends using your phone will be logged against your identity and you are responsible and answerable for consequences if any that may arise out of such calls or messages. Even if the activity is legitimate, it may be possible that the other person might call or message you back in future with or without any specific intent.

AVAST did a research in February 2016 and according to them, their researchers were able to recover the following files from the 20 phones that were sold:

  • More than 1,200 photos
  • More than 200 photos with adult content
  • 149 photos of children
  • More than 300 emails and text messages
  • More than 260 Google searches, including 170 searches for adult content
  • Two previous owners’ identities
  • Three invoices
  • One working contract
  • One adult video

Given the ever evolving capabilities of the smart phones, the devices are increasingly becoming one's identity and as such should be handled with care and caution, or else one has to face the consequences that may arise as a result of such compromise.