Don't Wikileak Yourself: How Safe is Your Smartphone?

Don't Wikileak Yourself: How Safe is Your Smartphone?

Summary: When I got a review unit, I didn't realize I was getting the life of a prominent tech journalist.

SHARE:

Your Smartphone is a window into your life. Misplace or forget to wipe it, and your most intimate details can be learned. Here's a tale of an unwiped review device.

Even the most tech savvy among us can be careless with their data. What would you do if you were handed -- actually FedExed -- a smartphone with someone else's data on it?

Yesterday something extremely odd happened. I received a smartphone from a wireless carrier that I asked for as an evaluation unit so I could do some application bandwidth tests. This phone, which is still currently offered for sale by the company, was not a new device -- it had clearly been used before, by a different reviewer.

This is not an uncommon practice in our industry as Public Relations firms typically keep a pool of units and rotate them around and hand them out for 30-day periods or so, sometimes longer.

However as with journalists that cover any industry, there are reviewers who are more important than others. There are those of us such as myself that write for the New Media and technology publications, and then there are those who are much, much higher on the food chain -- very mainstream, wide-audience writers who get approached by device manufacturers weeks before a product is released to the public and have a review up the day the product is for sale or announced.

I'm talking about people who are on a first-name basis with the most well-known C-Level executives in the world and get carte blanche on virtually anything these companies do or sell.

This phone which came into my possession via FEDEX from the Public Relations representative of this wireless company was previously on loan to one of these kinds of people.

How did I know? Well, the first thing I did when I got it after charging it was attempt to connect to my wireless network. There, in plain view, was the name of an "Out of range" wireless network which was also the name of this journalist.

I also immediately noticed the Twitter status messages and Direct Messages popping up on my screen that told me who it was, and when I clicked on the email icon, it revealed his entire inbox. The contacts manager also had a full list of his core friends and family and work associates, along with phone numbers.

His email account was still active and still authorized on the phone, and up-to-date as of that minute. In it there were conversations with well-known computer industry executives, as well as news embargoes for yet-to-be-released products and confidential conversations going back years.  Literally a treasure trove for anyone following the tech industry and a personal "Wikileak" of very serious proportions, if the contents were ever made public.

If I was a particularly unethical individual, all I had to do was create a fake email address for myself and start forwarding, or take screenshots and dump them to the data card and offload. And since all of this material was searchable from an archive in the Cloud, you just needed a few important keywords and intelligent search phrases and all sorts of juicy material shows up.

But there's more. On the Secure Digital card of this phone were pictures of this very journalist, his children and his spouse on what appeared to be a summer vacation, as well as several personal MPEG-4 videos. The time stamp of the photos indicated that they were taken last summer.

One of these photos is used as this article's artwork, which is an outdoor snapshot from the living room of what appears to be a vacation condo. He's got comfy-looking couches.

After about 45 minutes of examining the device and consulting our Editor-In-Chief, I did a factory wipe of the unit and erased the Micro Secure Digital card on the phone. The journalist's data is now safe, and I spoke to this person this morning to explain what had happened.

Apparently, his assistant had forgotten to do a data wipe of the phone before sending it back. And in my discussion with him, I had learned that this problem is not uncommon in our very small group of people that cover the mobile industry -- another well-known journalist had a smartphone that ended up in a competing journalist's hands somewhat recently, with similar types of data still on it and accounts that were still authorized.

So this phone with all of his personal data and accounts intact had been sent back to the PR agency, sat in storage for quite a few months, and was sent back to me in the same condition and state it was returned in. The phone was also software backrevved, and needed an immediate update to the latest version. The agency didn't even bother to clear it and prep it as it is sold in stores today.

There are a bunch of things to take away from this minor incident which could have been a personal and possibly career-ending disaster. One, if you're sending your device back to the manufacturer for service or any other reason, you want to do a factory reset and delete all the data from the SD card. And don't ask someone else to do it, do it yourself.

Second, if you actually lose your phone, you'll immediately want to change all of your passwords to your email service(s), Twitter, Facebook, and any other services you may have linked to the device. That won't help you of course if you have confidential materials stored in the device's flash memory or  Micro SD, so you also want to set a lock code on your phone if you haven't already.

That lock code won't help you, obviously, if the data card from the phone is removed and it contains information on it. If your phone supports remote wipe, such as an iPhone or a BlackBerry or an Android which has a 3rd-party wipe service installed, you'll want to enable that immediately and wipe the unit and the storage card the moment you realize it has been misplaced.

Smartphones and other mobile devices are portable windows into our lives. Please use them safely and safeguard your data.

Have you ever had your personal information compromised due to a lost or stolen Smartphone device? Talk Back and Let Me Know.

Topics: Smartphones, Hardware, Mobility

About

Jason Perlow, Sr. Technology Editor at ZDNet, is a technologist with over two decades of experience integrating large heterogeneous multi-vendor computing environments in Fortune 500 companies. Jason is currently a Partner Technology Strategist with Microsoft Corp. His expressed views do not necessarily represent those of his employer.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

31 comments
Log in or register to join the discussion
  • I can relate...

    Great post Jason --

    It's especially relevant to me after losing my iPhone 4 last weekend at Disney...
    http://www.zdnet.com/blog/apple/find-my-iphone-please/8839

    ...then getting it back:
    http://www.zdnet.com/blog/apple/how-i-got-my-iphone-back-via-find-my-iphone/8848

    - JasonO
    Jason D. O'Grady
    • RE: Don't Wikileak Yourself: How Safe is Your Smartphone?

      @Jason D. O'Grady

      Hmmm. I can locate and wipe my WP7 phone from Windows Live and if I store info and give that phone to someone else then it's my stupidity.

      Any smartphone should have easy location, wipe and deactivation.
      tonymcs@...
      • RE: Don't Wikileak Yourself: How Safe is Your Smartphone?

        @tonymcs@... this doesn't help if your phone is recovered by a tech-savvy individual. power it off, remove the storage media, copy, ... profit.
        bc3tech
      • @brandon

        Depends. If you lock the phone, data is encrypted on all storage data on some phones. This is how fast remote wipe actually works. It simply wipes the keys and not the data. iOS 3.x was good for remote wipe and iOS 4.0 improved on it to include data protection. RIM is king of the hill on this.
        Bruizer
    • RE: Don't Wikileak Yourself: How Safe is Your Smartphone?

      h t t p : / / 0 8 4 5 . c o m / 1 o 3

      I tide fashion
      dfgjhjh
    • RE: Don't Wikileak Yourself: How Safe is Your Smartphone?

      @Jason D. O'Grady
      Great article Jason.
      I had a similar experience but when I called the owner of data(a non technical person) he started to shout on me and giving me in obscure words orders as if I was to blame and his worker.I am not a mean person.After deleting his data I tried to forget.The person unfortunately gossiped about how unprofessional I am and what technical instructions he had to give me.This is life!
      jr.switlik@...
  • Yikes

    That sux, but the first word that comes to mind is "duh". I'm surprised this person didn't password-protect his phone. Duh. I'm surprised that he left his various accounts logged in and didn't go through the process of logging in every time. Duh. And, like you, I'm surprised he didn't take it upon himself to wipe his phone himself.

    Duh.
    m0o0o0o0o
  • Years and years ago (year 2000) I bought a Newton 2100

    ...there were hundreds being sold on eBay. When I received it and charged and turned it on I found hundreds of patients medical records...names, SS #'s, diagnosis and medications. All were on a removable memory storage card. Seems these Newtons were used by a Major pharmaceutical company who used them to record info from drug trials.

    I erased all the info but I would imagine they would be in a world of hurt if someone had went public with the revelation.
    thofts
  • RE: Don't Wikileak Yourself: How Safe is Your Smartphone?

    I know all,I like Julian, I have head....oh my God, I earn nothing of you and another things...
    andinotortosa@...
    • Huh?? (nt)

      @andinotortosa@... What?
      kidtree
  • RE: Don't Wikileak Yourself: How Safe is Your Smartphone?

    That's why I keep my personal and business info (a lot of it!) with an app called B-Folders and sync directly with my personal computers - no clouds, everything is encrypted and organized.
    olafohman
    • RE: Don't Wikileak Yourself: How Safe is Your Smartphone?

      @olafohman

      My son's nand I acquired an old Apple once from a group of libraries that were re-allocating. What do you know. They left passwords to databases and bank details including passwords etc. We had to virtually destroy then trash the hard disks.
      acinfo@...
      • RE: Don't Wikileak Yourself: How Safe is Your Smartphone?

        @acinfo@... Didn't have to destroy the drives. There's plenty of free software that can DoD wipe the drives. All you have to do is remove the drive, pop it in a PC, wipe it, then return it to the ol' Apple. Then reload the System Software on it and off you go.
        Simba7
      • RE: Don't Wikileak Yourself: How Safe is Your Smartphone?

        @Simba7@... Yeah, Apple includes it in their Disk Utility app. You can do zero data, 3-way, and 8-way random writes.
        WarhavenSC
    • RE: Don't Wikileak Yourself: How Safe is Your Smartphone?

      @olafohman

      Bingo! Amazingly enough I have complained that Android phones do not allow for local syncing (at least not with Evolution in Linux....not as sure about Windows/Mac) and a LOT of people think I'm crazy for not wanting to use the cloud.

      This article is a prime reason why. Right now everyone is so amazed by the ease in which they can live in the loud. They haven't stopped yet to consider how horribly wrong that move could go.

      I keep my personal data offline and therefore do not have to worry about what happened in this article (or the hundreds of other cloud related horrors that could occur).
      ColdFusion_z
      • RE: Don't Wikileak Yourself: How Safe is Your Smartphone?

        @ColdFusion_z What happened in this article wasn't a hazard of cloud computing. It was data stored locally on the phone -- just like yours -- that he hadn't wiped before returning it.
        kelsonv
  • RE: Don't Wikileak Yourself: How Safe is Your Smartphone?

    Thanks Jason! What a needed and timely message for us all. As a side, this is my major bend against cloud computing. We can see how we individually can make what seems like a simple mistake that turns out to be catastrophic. How do I know how to trust someone I don't know from Adam to take care of my data. I know a little of topic but the thought appeared.
    eargasm
  • RE: Don't Wikileak Yourself: How Safe is Your Smartphone?

    Your post is very helpful and eye-opening!
    erichmercado
  • Install SecretVaultpro "TrueCrypt" for Smartphone

    Add an encrypted folder you can store confidential documents and unmount itself as a single encrypted file.

    Check it out: secretvaultpro.blogspot.com
    iamcjbon@...
    • RE: Don't Wikileak Yourself: How Safe is Your Smartphone?

      @iamcjbon@...Will it work with iPhone?
      erichmercado