Your Smartphone Has Been Stolen. Now What?
MR. KOJO NNAMDI
They're little data centers in your pocket with all the email contacts, credit card information, music, and pictures, but what happens when your Smartphone gets stolen? All of a sudden, all that information could end up in someone else's hands. Police forces around the country are reporting a spike in thefts involving cell phones and tablet computers. This year in D.C., they account for 40 percent of robberies. Now police chief Cathy Lanier and other top cops around the country are proposing a high-tech solution, asking wireless providers to shut down stolen phones using a unique identifying number called the IMEI number.
MR. KOJO NNAMDI
It's an idea already being used in the United Kingdom and India, but industry groups and the FCC seem to be pushing that. We'd like to explore what happens after a cell phone is stolen, how we can protect ourselves before it happens, and where our phones go once they enter the black market. If you've had your Smartphone or mobile device stolen recently, you can give us a call. Tell us what happened after the theft. 800-433-8850. Joining us by phone is Brian Krebs. He's a technology journalist and blogger at krebsonsecurity.com. Brian Krebs, thank you for joining us.
MR. BRIAN KREBS
Hey, Kojo, thanks for having me again
Smartphones, Brian, are incredibly powerful tools that can literally store our digital lives within a tiny package. Most of the time that's a good thing, but it can also leave us quite vulnerable. You're written extensively about cyber crime and underground networks. Smartphones are very valuable to those folks in terms of the hardware itself, but also in terms of what is on them, is that correct? Why?
Yeah. I think the data that people store on their phones can be incredibly valuable. There's certainly a brisk trade in mobile devices, be they iPhones, Google -- you know, iPads, Droids, or whatever they are. If they're high priced digital devices, they have a high resale value on the underground, and these just tend to cost a lot more in other countries than they do here in the United States.
I haven't seen a big market for anybody saying, hey, I've got a lot of people's mobile phone data, but certainly as people rely more on more on these things, they're putting more sensitive information on there, and that information itself does have resale value as well.
800-433-8850. Have you had your Smartphone or mobile device stolen recently, or have you lost it? What happened after the theft or the loss? 800-433-8850. Brian Krebs, according to the Washington Post, 40 percent of robberies in D.C. in the first two months of 2012 involved mobile devices. Last year, New York City reported stats closer to 50 percent. D.C. Police Chief Cathy Lanier recently proposed a more high-tech solution to old-fashioned street crime requiring mobile phone companies to disable stolen phones. What's your reaction to that?
Well, I'm kind of two minds, right? I mean, the geek part of me thinks this would be really cool, you know. The stronger voice, the security guy part of me kind of just dwells on all the different ways that this could go badly wrong and, you know, how it could be abused, frankly. The question for me is what happens to these phones once they're stolen. And the way I look at it, there's a decent chance that even if, let's say, we get this break-in technology where they remotely make your phone unusable.
It's known as bricking -- bricking, correct?
Let's say they get this in place...
They brick your phone, yes.
...across the providers. They brick your phone and -- but, you know, the crooks are gonna do this anyway. They're gonna wipe what's on there, and unlock them. So for the non-geeks out there, unlocking is the process of sort of de-tethering the device from the software that gets installed by the original mobile providers so that you can use the phone on any mobile network in the world.
I happen to own an unlocked phone when I travel overseas, but go ahead.
Well, there you go. So the question becomes okay, so let's say you're an AT&T customer and you lose your phone and you say, AT&T, look, I lost my phone, can you brick it for me? Well, they brick it. Well, the guy that just stole it from you probably knows you're gonna brick it, but he doesn't care because he can still sell it to somebody who wants to use it on Verizon, or, you know, in another country's network.
Wait a minute. But how do they know that that's me calling, and not just somebody I'm having a feud with who wants to get my phone bricked?
Right. Right. So this is the other issue, and then there are a lot of issues raised by this. I mean, one of which is how do you authenticate the customer? I mean, it's one thing if somebody says, hey, I want to pay my bill online, right? But here we go, I mean, you have your customer calling in saying I need to brick my phone. Well, how do you know that that person is, you know, the rightful owner of that phone? Especially, you get people in these situations and they're probably very upset. They're probably very tense, they want to do it now, they want to do it yesterday, and how do you manage that?
I think you really have to think about the unintended consequences when we think about these new features, and I think one unintended consequence has got to be abuse, and I mean, you know, think jilted ex-lovers, spouses, stalkers, competitive intelligence people. You know, I mean, you want to ruin somebody's day, brick their phone.
Exactly right. In many ways, the idea of compelling wireless providers to make a stolen phone as useful as a brick, makes a lot of sense especially if it makes it harder to sell or even eliminates some markets for stolen goods, but it also raises, doesn't it, some serious practical and privacy concerns. Do you really want to give this new power to the government and to wireless companies? Valid question?
Well, I think that's exactly right, and it's a very valid question. I mean, you know, the Post story talked about this a little bit. They quoted some wireless industry persons saying, you know, this has been tried in other countries, it hasn't worked out so great. And, you know, I guess I'd like to hear more details about that. But when it comes to the privacy questions, yes, I think it's a very valid question. I mean, look at application -- what's happening with the application platform providers, so Google and Apple, right?
Both of these companies they're under tremendous scrutiny from privacy groups and from Congress about -- and rightfully so, I mean, about how much data they're collecting already from users, how long they store it, who they share it with, et cetera. And I'm not sure, you know, I'm not sure they would want to -- they have a strong stance on this, they probably do. I don't know what it is, but the bigger question is how to the carriers feel about this. And my sense is, you know, they probably don't want to do this at all, and I think probably because they're likely to get a lot more scrutiny, and then at the end of the day probably a big backlash.
Onto the telephones. Here's Nicki in Reston, Va. Nicki, you're on the air. Go ahead, please.
Yes, hi. I just wanted to make a comment that, you know, I believe there is a privacy issue that you have to be concerned about. But on the other hand, I had my brand new iPhone (word?) stolen and I didn't get any assistance from the police, I didn't get any assistance from the phone company that I got the phone from. And, you know, I was faced with getting a replacement phone and it was one that cost me $200. And, you know, if I would have bought it at full cost, of course it would have been $800.
So it's kind of, you know, there's no incentive for the phone company to agree to the ability to track a phone and locate a phone, there's not really an incentive from a market perspective. Who's going to buy a new phone if they can get their old one back?
So it's better for the phone company because what they're getting is somebody buying a new phone. Did you ever manage to figure out who took your phone?
Actually, yes. I retrieved my phone. I went back the next day, and there had been a witness that saw the person that took the phone. That person is currently is in prison.
I went back and took my husband's cell phone and met the witness and when we identified the person, it was -- I called my phone and he had never shut it down. And so he answered my phone, and I called the police and they came and arrested him.
So he is in jail for having stolen your phone?
Yeah. In the state of Virginia, apparently it's grand larceny, anything that's $200 and above is grand larceny and he is currently in prison.
That's pretty remarkable.
That is pretty remarkable. I'm not sure a lot of people have that experience, Nicki. Thank you for sharing this. It gives a lot of people hope...
Oh, thank you. Thank you.
...as a result of it. You're welcome. On now to Edward in Silver Spring, Md. Edward, you're on the air. Go ahead, please.
Thank you. I had a situation where my phone was either stolen or it fell out of a pocket. At any rate, I lost possession of my phone months ago. Long story short, an individual called my mother whose number is on my phone and said they had my phone. I went to retrieve my phone, I got my phone back. However, I found that on charging it up, the sim card did not work and I had to replace my sim card. So I was just -- I've always been a little curious about maybe the situation or the circumstance behind that.
Oh, I thought you were going to say the person called your mother so she would reprimand you for losing your phone, but Brian Krebs, what's with the sim card not working?
Oh, I would say both of these callers got off pretty easy. Yeah. You got your phone back, it may be that they were trying to just, you know, they figured it was gonna be a loaner until they get it back to the owner. I mean, when you swap in a sim card, you can, you know, you can essentially change the service on it. He may have swapped in his own card, and was using the phone, you know, it's hard to say.
But there really are two issues here, right? I mean, it's the cost issue, if you lose a phone, some of things are prohibitively expensive to replace. But then there's also the data issue, and the reality is is that there are some pretty inexpensive and not very troublesome or hard to implement ways of, you know, covering at least the data part if things go wrong. There are certain apps that you can get that will let you wipe them or track the phone, or wipe the date on them remotely.
I think both the Android and the iPhone have just a simple screen lock that will you put a four-digit pin and if you -- you can set it so that maybe ten times if you get it wrong, it will automatically wipe all the data on it. But the other issue that they're getting at here is, I mean, some of these phones are 400, 500, $600 or more to lose. That's another issue, and I don't really know what the answer is. I don't think the providers themselves offer that insurance anymore.
Edward, thank you very much for your call. I'm afraid that's all the time we have. Brian Krebs, thank you so much for joining us.
Hey, Kojo, thanks for having me.
Brian Krebs is a technology journalist and a blogger at krebsonsecurity.com. "The Kojo Nnamdi Show" is produced by Brendan Sweeney, Michael Martinez, Ingalisa Schrobsdorff and Tayla Burney with assistance from Kathy Goldgeier and Elizabeth Weinstein. The managing producer is Diane Vogel. Our engineer, R.F. Andrew Chadwick, running, fixing, Andrew Chadwick. A.C. Valdez is on the phones. Podcasts of all shows, audio archives, CDs and free transcripts are available at our website kojoshow.org.
We encourage you to share questions or comments with us by emailing us at firstname.lastname@example.org, by joining us on Facebook, or by tweeting @kojoshow. Thank you all for listening. I'm Kojo Nnamdi.
Transcripts of WAMU programs are available for personal use. Transcripts are provided "As Is" without warranties of any kind, either express or implied. WAMU does not warrant that the transcript is error-free. For all WAMU programs, the broadcast audio should be considered the authoritative version. Transcripts are owned by WAMU 88.5 FM American University Radio and are protected by laws in both the United States and international law. You may not sell or modify transcripts or reproduce, display, distribute, or otherwise use the transcript, in whole or in part, in any way for any public or commercial purpose without the express written permission of WAMU. All requests for uses beyond personal and noncommercial use should be referred to (202) 885-1200.