Forbes covered the release of Symantec’s Smartphone Honey Stick Project. It was a nicely put together study that promised to tell us much about the risks associated with losing your phone. I read through it looking for the implications, particularly as we store and access more of our data in a Cloud using a smartphone. I was a little disappointed, though. Sure, if you drop your unprotected phone (no encryption, no password) in Chicago somebody is going to pick it up and explore your data, but that fact alone does not tell us about risks we don’t know about. If you are somehow surprised by these findings you need to reevaluate your self awareness.
What would be awesome is to see this study repeated with a mix of locked and unlocked, encrypted and unencrypted phones. THAT would tell us what the real risk profile looks like.
UPDATE, 4/11/2012: Marketplace.org published A plan to stop the rise in stolen cell phones. I was caught a little dumbstruck, since I presumed this simple solution was already in play. My favorite quote:
Chester Wisniewski of computer security firm Sophos says the new anti-theft policies could encourage thieves to go after the data on your mobile phone instead.
Instead? They’re already going after your data, just not effectively if the Symantec study is any indication (I expected the nosy phone finders to probe for personal data 100% of the time) . All this means is that the data miners might be the only ones in the business of stealing your phone going forward, which is to say if your mobile/handy/smartphone goes missing you can rest assured anything unprotected is going to be in the hands of the the bad guys. If you’re not already doing it on your mobile: password protect your device, encrypt your data and set the darned thing to wipe if it receives too many incorrect password attempts. I’d rather lose a piece of hardware than the data any day.