When phone numbers and e-mail addresses from hotel heiress and celebrity Paris Hilton showed up on Web sites this month, the Internet was rife with rumours about how it happened. Theories focused on a buggy Web interface to Paris' T-Mobile Sidekick smart phone account and to a recent hack of the company's network that reportedly exposed her mobile account to hackers.
A simpler explanation for how someone got a hold of the globe-trotting Hilton's digital "little black book," might be that she lost her phone and somebody else picked it up. Consider the results of a recent global survey of 900 taxi drivers by Pointsec, which estimated that thousands of cell phones and mobile devices are left behind in taxis every day.
Pointsec surveyed cabbies in London, Paris, Chicago, Sydney and other major cities. The results were surprising, and suggest that mobile device users are leaving behind their gizmos at an alarming rate. One Chicago cab company reported 387 mobile phones left in cabs in the six months preceding the survey, or about 3.4 phones per cab. Based on the size of Chicago's entire cab fleet, Pointsec estimated that 85,619 cell phones were left behind in cabs in the city during the six-month period of the study, along with 4,425 laptops and 21,460 PDAs.
In Boston, lost cell phones, laptops and PDAs are also a big problem. Like other property, mobile devices that are left in cabs are turned into the Boston Police Hackney Unit, said officer Hugh Solari: "We get a ton of stuff in here. It's a headache," he said.
A disaster for companies?
Lost phones and PDAs inconvenience their owners, but can be disastrous for the companies if the lost devices contain sensitive documents, e-mail or other communications, according to security experts.
As Paris' compromised T-Mobile Sidekick showed, mobile phones store a lot more than names and numbers.
"The killer application for enterprises right now is push e-mail. Once you start pushing e-mail with attachments to mobile devices, you could have all types of information down there," said Bob Egner, Pointsec's vice president of marketing.
Companies should worry about confidential, classified or competitive information that could be on lost mobile devices in the form of document attachments, or that could be gleaned from e-mail messages, he said.
Pointsec's study shows that the vast majority of lost cell phones and PDAs are returned to their owners. In Stockholm 100 percent of PDAs and 92 percent of cell phones left in cabs found their way back to owners. In Chicago, those numbers dropped to 64 percent and 52 percent, but still a good return rate considering that lost devices might remain in the passenger compartment for quite a while before being discovered or reported lost, Egner said.
Boston police try to return the phones to owners, usually by turning them on and perusing the address book, intercepting calls from the phone's owner or from acquaintances who know the owner, Solari said.
However, the ease with which lost cell phone data can be accessed, even for purposes of returning the phone, is an indication of how loose security is, Egner said.
The US Secret Service lost confidential documents
No organisation understands the danger posed by mobile devices better than the US Secret Service, which recently discovered that some of its classified documents were nabbed by T-Mobile hacker Nicolas Jacobsen, who used his access to T-Mobile's network to see the mobile phone account of Secret Service agent Peter Cavicchia.
Jacobsen netted a treasure trove of documents, including an internal memorandum report and a mutual legal assistance treaty from the Russian Federation containing sensitive information about ongoing Secret Service criminal cases, such as a list of instant message accounts being monitored, according to an affidavit filed in the case.
Companies, including Pointsec, are flooding the market with products to address the mobile security threat. The market is likely to only get hotter given stricter data privacy laws and the growing number of employees using mobile technology, said Ian Gordon, vice president of marketing at Credant Technologies, another company which provides security for mobile devices.
"It's the wild, wild west out there," Gordon said