Symantec tempts people with 'lost' phones - and finds them wanting

Posted by Emma Woollacott

Lost your phone? There's a very high chance that whoever found it has been nosing around in your personal data.

When Symantec staffer Kevin Haley's wife was mugged, her phone remained safe - but Haley started wondering just how much the thieves might know about her if they'd got that too.

So he scattered 50 phones about the place in five US cities, and sat back to see what happened.

The phones were loaded with a collection of simulated corporate and personal data, along with the capability to remotely monitor what happened to them once they were found.

For a start, only half of the people who found a phone made any attempt to return it. Just as alarmingly, to Haley's mind, 96 percent of finders accessed data on the device - way beyond anything necessary to try and identify the owner.

Six out of 10 attempted to view social media information and email, and a stonking eight out of 10 tried to access corporate information, including files clearly marked as 'HR Salaries' and 'HR Cases'. Even complete strangers' pay is fascinating, it seems.

"If you are in any way associated with securing a company's valuable information, those are pretty striking numbers," says Haley.

"Our 'honey stick' smartphones also had an application that appeared to allow access to a remote computer or network. Surely, people wouldn't go that far. Well, one out of every two finders tried to run the 'Remote Admin' app."

Nearly three quarters of finders accessed an app displaying 'private pix', and nearly half tried to get into an online banking app.

To be fair, it must be a great temptation to have a little snoop around - or maybe that's just us journalists. It's simply an aspect of human nature that we should all bear in mind, says Haley.

"The point of all of this is not to say that people are bad. It's that people are naturally curious and when temptation is put in front of them they tend to bite the apple (some take many bites)," he says.

"The lesson to take away here is that we have to protect our mobile devices."