-
A practical demonstration of physical and data security (or, my phone got nicked)I re
Yesterday, my family and I came back from a 3 night stay at Disneyland Paris. We had a wonderful but exhausting time (up 7 ish on each of the 3 mornings we were there and not getting to bed until 11ish, I think my son was running on sugar and pure excitement by the end). Through my own carelessness I managed to give myself a ride on the journey home almost as thrilling as some of the roller coasters we went on.
We came back on the Eurostar, leaving France at 6pm and getting to London at about 7:45pm. While we were queuing to come through passport control I checked train times on my phone and saw that if we hurried we could get a train that would get us back home by about 10. We ran through St Pancrass (I imagine we looked like that family from The Fast Show), bought tickets for the underground, jumped on a tube to Victoria, then ran again at the other end, bought tickets for the train home and then just had time to buy some fast food to eat on the train before running again and jumping onto it. We found our seats, arranged our bags and sat down.
Once my son was settled I went to get my phone to check the latest goings on here. It wasn't in the pocket I thought I'd put it in, or any of my others pockets...
"What are you doing?" said Mrs wmw as I started frantically looking through my coat.
"I can't find my phone..."
"Where did you put it?"
"I think it was in the back pocket of my jeans"
There then followed a brief exchange where Mrs wmw reminded me that she'd told me off in the past for keeping my phone there.
"Your're sure it's not in the bag?" she continued. "I remember you were checking train times earlier."
"It was definitely in my pocket," I said, and did a sad face, realising that in all likelihood some had swiped it from my back pocket on the escalator or in the Burger King queue
She gave me her phone and I set to work sorting the problem out. I have insurance for the phone, so whilst losing it was a pain I knew I'd only have to pay £50 excess to get it replaced.
What I was worried about was my data, because I use my phone for everything.
I called my network provider (who were excellent in this instance), explained the situation and got the SIM and handset blocked. Next I logged on to one of the google accounts I have on the phone and used Android Device Manager to remotely wipe it.
What I didn't know was whether the thieves had got access to anything before I did that. I have a pin code set on the phone, but had set a fairly long delay on it because I'd been using the camera a lot while we were away, so if they'd grabbed it soon after I'd put it away they might have had access to all of my accounts - Google, Facebook, Twitter, eBay, PayPal, Amazon, even (heaven forbid) IWL.
Funnily enough a few years ago I published a couple of stories about 2 street kids who mug people for their phones and then try to take over their identities, so I'd done a little research on this kind of thing and I was genuinely scared.
Changing passwords using my wife's phone was a hassle and, in some cases impossible as I didn't have access to my main Google account on it as I have 2 factor authentication set on it.
As soon as we got home I fired up my Chromebook and set about changing passwords.
I did the eBay, PayPal and Amazon first, then moved onto the accounts that would be trickier to do as I have 2 factor authentication on them. For anyone that doesn't know, that's an increased level of security that means that if you access your account from a device that you haven't used before, or make changes to some of the settings on the account (including the password) you have to reauthenticate using a code that is sent to you in an SMS. Most of the time this is great, but not when you don't have your phone!
I did Google first. They allow you to register a back up phone to receive the SMS in case you lose your main one, and I had my work phone set on that, so I was able to reset that quite easily.
Next I moved on to FaceBook. They don't allow you to register 2 phones, but as I stepped through their process I saw that if you think you have lost control of your account you can prove your identity by sending them a photo of some photo ID. Great, I thought, I know exactly where my passport is. I got my bag, rummaged around and pulled it out...only to find my phone sandwiched between it's pages....
"I did say it might be there," said Mrs wmw....
So, alls well that ends well.... The phone had indeed been completely wiped (including all of the contents of the SD card inside it, which is frustrating as I lost some holiday snaps but most were taken on my camera so I can live with that), and the SIM was unusable. I called Vodafone again and got it reactivated so now I just have to set the phone back up again, which is possible a blessing in disguise as I had loads of crap on there I probably didn't need.
I realised once the panic was over that I'd unwittingly done a pretty good test of what would have happened if I actually had lost my phone and realised I was pretty happy with how it had gone. I'd quickly made the device unusable and protected my data, and 2 factor authentication on my main accounts had made me feel pretty protected.
So, the morals of the story, for smartphone users:
- Don't put it in your back pocket!
- Make sure you have some kind of remote wipe functionality set up that you can use in an emergency
- Use 2 factor authentication on accounts where you might have sensitive data
- Listen to your wife, she's probably right
-
Post Thanks / Like - 3 Likes