Finders of lost smartphones tend to snoop
According to an experiment carried out on behalf of Symantec by security expert Scott Wright, almost every other finder of a smartphone would try to access the phone owner's online banking. For the Smartphone Honey Stick Project, a total of 50 specially configured smartphones were deployed in five US cities; Wright left the devices in places such as public transport stops or shopping centres where mobile phones are typically left behind or lost. The installed software allowed him to monitor where devices were moved to and which apps were accessed by the finders.
The researcher found that apps were started in almost every case. Finders were particularly interested in a "Private Pix" app, which was accessed in 72% of cases. 60% of finders launched apps that appeared to give access to private email or social network accounts. A "Saved Passwords" file was accessed by 57% of finders. 43% were interested in "Online Banking". A total of 89% of finders attempted to access the smartphone owner's personal data.
Supposed links to corporate data also proved very popular: 53% of finders were interested in salary lists, 49% attempted to access a "Remote Admin" app, and 45% tried to access the smartphone user's business emails. In 83% of all cases, finders attempted to access corporate data. 66% of finders tried to log into apps that displayed a pre-filled log-in form when started.
Of course, Wright didn't make things particularly difficult for the involuntary participants in his experiment: none of the specially configured smartphones were password protected. After switching on the found device, finders had full access to a phone whose home screen was brimming with alluring apps. Furthermore, legitimate reasons for accessing a found smartphone do exist: for example, in order to locate its owner. Half of the smartphone finders were not only inquisitive, they were also honest and informed the owner of the supposedly lost handset.