Lock it, or lose it

gallery

How many expensive mobile handsets were left in cabs – or fell into the hands of Barcelona’s ever-resourceful pickpockets – during this week’s Mobile World Congress? There is every chance it will be thousands, at the very least.

This writer is rather paranoid about losing phones and – so far – has avoided doing so. But we recently had the chance to lock and wipe an iPhone. It’s a remarkably satisfying experience.

Assuming you have a Mobile Me account, you can lock a lost or stolen handset, completely wipe its contents, or even send a message to the phone that will appear if anyone tries to use it (the message is accompanied by a noise that our “thief” said is pretty loud).

If you have set this up in iTunes – and unfortunately you have to do this in advance – you can use GPS tracking to locate a lost handset. Rather more bizarrely, French software developer Little Worlds Studio has developed an iPhone application called Where’s My Phone, which allows you to whistle to find a mislaid handset.

None of these technologies are particularly effective, though, if users fail to set passwords or take other elementary security precautions. Staying with our iPhone example, the remote lock and wipe is pretty swift, especially on the iPhone 3GS. This is because the 3GS – the model we tested – supports encryption.

So all Apple has to do is send a command to delete the encryption key and the data on the device is rendered useless.

However, a thief could take advantage of the fact that smartphone users don’t always notice that a handset is lost or stolen, and transfer the data before the remote wipe command arrives. Setting a (strong) password makes that much, much less likely.

It also sidesteps another measure a thief more interested in data, rather than simply a dodgy handset can take: removing the SIM card and disabling the wireless LAN so the handset cannot receive a remote wipe command.

But how many business phone users actually bother even to set a password? There are few meaningful statistics, but anecdotal evidence suggests it is a small minority of users.

The percentage of users bringing their own handsets to work, who set any form of password at all, is likely to be even smaller.

We have even heard of one NHS Trust setting up BlackBerry devices for staff – bought because of their strong security features – with an NHS email address but no password, and then sending them to doctors in the post.

A lack of adequate security on mobile devices is not only foolish and short sighted, it is inexcusable.

All the main mobile platforms now support some form of device management and security enforcement, either through platforms such as the BlackBerry Enterprise Server or Microsoft’s System Center Device Manager, or through third party management utilities such as Innopath or LogMeIn.

But every device supports a password or PIN. A simple email reminding users to set one up – and turn off encryption if their device supports it – will avoid a lot of potential trouble later on. Even if it does reduce the living standards of Barcelona’s criminal classes.

Stephen Pritchard is a contributing editor at IT PRO. Comments? Questions? You can email him here.

Email to a friend

Print this page