Don't Wikileak Yourself: How Safe is Your Smartphone?

When I got a review unit, I didn't realize I was getting the life of a prominent tech journalist.
Written by Jason Perlow, Senior Contributing Writer

Your smartphone is a window into your life. Misplace or forget to wipe it, and your most intimate details can be learned. Here's a tale of an unwiped review device.

Even the most tech savvy among us can be careless with their data. What would you do if you were handed -- actually FedExed -- a smartphone with someone else's data on it?

Yesterday something extremely odd happened. I received a smartphone from a wireless carrier that I asked for as an evaluation unit so I could do some application bandwidth tests. This phone, which is still currently offered for sale by the company, was not a new device -- it had clearly been used before, by a different reviewer.

This is not an uncommon practice in our industry as Public Relations firms typically keep a pool of units and rotate them around and hand them out for 30-day periods or so, sometimes longer.

However, as with journalists that cover any industry, there are reviewers who are more important than others. There are those of us such as myself that write for the New Media and technology publications, and then there are those who are much, much higher on the food chain -- very mainstream, wide-audience writers who get approached by device manufacturers weeks before a product is released to the public and have a review up the day the product is for sale or announced.

I'm talking about people who are on a first-name basis with the most well-known C-Level executives in the world and get carte blanche on virtually anything these companies do or sell.

This phone, which came into my possession via FedEx from the Public Relations representative of this wireless company, was previously on loan to one of these kinds of people.

How did I know? Well, the first thing I did when I got it after charging it was attempt to connect to my wireless network. There, in plain view, was the name of an "Out of range" wireless network which was also the name of this journalist.

I also immediately noticed the Twitter status messages and Direct Messages popping up on my screen that told me who it was, and when I clicked on the email icon, it revealed his entire inbox. The contacts manager also had a full list of his core friends and family and work associates, along with phone numbers.

His email account was still active and still authorized on the phone, and up-to-date as of that minute. In it there were conversations with well-known computer industry executives, as well as news embargoes for yet-to-be-released products and confidential conversations going back years. Literally a treasure trove for anyone following the tech industry and a personal "Wikileak" of very serious proportions, if the contents were ever made public.

If I was a particularly unethical individual, all I had to do was create a fake email address for myself and start forwarding, or take screenshots and dump them to the data card and offload. And since all of this material was searchable from an archive in the Cloud, you just needed a few important keywords and intelligent search phrases and all sorts of juicy material shows up.

But there's more. On the Secure Digital card of this phone were pictures of this very journalist, his children and his spouse on what appeared to be a summer vacation, as well as several personal MPEG-4 videos. The time stamp of the photos indicated that they were taken last summer.

One of these photos is used as this article's artwork, which is an outdoor snapshot from the living room of what appears to be a vacation condo. He's got comfy-looking couches.

After about 45 minutes of examining the device and consulting our Editor-In-Chief, I did a factory wipe of the unit and erased the Micro Secure Digital card on the phone. The journalist's data is now safe, and I spoke to this person this morning to explain what had happened.

Apparently, his assistant had forgotten to do a data wipe of the phone before sending it back. And in my discussion with him, I had learned that this problem is not uncommon in our very small group of people that cover the mobile industry -- another well-known journalist had a smartphone that ended up in a competing journalist's hands somewhat recently, with similar types of data still on it and accounts that were still authorized.

So this phone with all of his personal data and accounts intact had been sent back to the PR agency, sat in storage for quite a few months, and was sent back to me in the same condition and state it was returned in. The phone was also software backrevved, and needed an immediate update to the latest version. The agency didn't even bother to clear it and prep it as it is sold in stores today.

There are a bunch of things to take away from this minor incident which could have been a personal and possibly career-ending disaster. One, if you're sending your device back to the manufacturer for service or any other reason, you want to do a factory reset and delete all the data from the SD card. And don't ask someone else to do it; do it yourself.

Second, if you actually lose your phone, you'll immediately want to change all of your passwords to your email service(s), Twitter, Facebook, and any other services you may have linked to the device. That won't help you of course if you have confidential materials stored in the device's flash memory or Micro SD, so you also want to set a lock code on your phone if you haven't already.

That lock code won't help you, obviously, if the data card from the phone is removed and it contains information on it. If your phone supports remote wipe, such as an iPhone or a BlackBerry or an Android which has a 3rd-party wipe service installed, you'll want to enable that immediately and wipe the unit and the storage card the moment you realize it has been misplaced.

Smartphones and other mobile devices are portable windows into our lives. Please use them safely and safeguard your data.

Have you ever had your personal information compromised due to a lost or stolen smartphone? Talk Back and Let Me Know.
