Inside the cramped lost-and-found office in New York's sprawling Penn Station, a half-dozen cardboard boxes overflow with intimate secrets.
Tucked beside forgotten winter jackets and above long-lost rings are hundreds of cell phones and personal digital assistants, or PDAs, filled with personal information – such as bank account and credit card numbers -- that could easily have slipped into the wrong hands.
700 lost phones in just two months
Most people who misplace handheld devices lose much more than just a bit of electronics. Today's phones have become a warehouse for some of people's most sensitive financial data. And when these high-tech gadgets go missing, the information they contain becomes available to whoever finds them.
Bank accounts can be compromised and credit card numbers can be stolen, to name a couple of frightening possibilities.
"Before, when you lost something, that was the end of it. It was lost," said Michael Callahan, the chief marketing officer for Credant Technologies, a Texas company that sells data encryption software. "But by losing a PDA, a trove of information is lost -- some of (which) you don't remember you had even stored in your PDA. And that makes people a lot more susceptible to identity-theft criminals."
PDAs have become an integral part of everyday life. BlackBerry addict-elect Barack Obama was told to dispose of his gadget before he assumed the presidency to avoid a possible national-security disaster if his device was ever hacked or fell into the wrong hands. Obama won the right to keep his mobile device in January, but one configured with security enhancements.
Can Obama's BlackBerry be hacked?
These devices do have a bad habit of disappearing. A Credant survey conducted in September indicated that more than 35,000 phones and handheld devices were left behind just in New York City taxis during a six-month period. (Only two-thirds of owners were reunited with their phones.)
Each week, New Jersey Transit users turn in an average of 40 phones found on trains, buses or light-rail lines, or in waiting areas, agency spokeswoman Courtney Carroll said. Presumably, there are plenty of other phones that never get turned in.
"With 900,000 trips on a typical weekday, there is a lot of opportunity for people to leave something behind," Carroll said.
As smart phones' memories and browsing speeds have increased, growing numbers of users have begun using them to monitor checking accounts, transfer money and purchase new shoes -- all while waiting for the next bus to arrive.
4 essential cell phone rules
And these popular and powerful devices -- some phones now have up to 12 gigs of storage capacity -- have become a treasure-trove for savvy hackers.
Lesson 1: Don't save your passwords
One huge risk: saving your passwords in your phone. Sure, it's convenient, but it comes with a cost.
"Would you keep a Post-it note on your ATM card with your PIN number on it?" asked Thomas Williams, the director of data collection and forensic services at LexisNexis Applied Discovery. "Anything stored in an unprotected or plain text might as well be that Post-it note. If your phone is lost or stolen, all that information is compromised."
Some phones, such as BlackBerrys and newer iPhones, can be wiped remotely if ever lost or stolen. But there is always the more obvious way of keeping sensitive information from falling into the wrong hands: Don't store it in your handheld in the first place.
"I like to follow the good rule of thumb: If you can't afford to lose the information, then don't put in there," Williams said.
Lesson 2: Lock your phone
If you insist on keeping sensitive information in your phone, be sure to limit the access a would-be thief could get. Protect your phone with a password; experts suggest using more than eight characters and including symbols and numbers.
Experts say you should also give every secure account a unique password and change it every six months, though they admit that not many users are willing to go to those lengths to safeguard their information.
Most phones have a so-called kill switch, which wipes all information from the phone if the wrong password is typed in multiple times. And any sensitive information, such as personal identification numbers, should be password-encrypted.
None of these is foolproof: Skilled hackers can get around passwords, as can anyone with commercially available forensic equipment that can decode encryption programs. But encrypting the phone is likely to deter all but the most motivated criminals.
"Having a modest amount of security goes a long way," said Williams, a former federal investigator. "Bad guys don't want to break into a house with a dog in it because they don't want to get bitten. It makes them move to the next target. The ones who didn't protect their data, they are the ones who didn't have a dog in the house. The person will see a crime of opportunity and exploit it."
Lesson 3: Watch out for the trash
With phone manufacturers stepping up the race for the sleekest, fastest and coolest models, customers are keeping pace, replacing and upgrading their phones every six to 18 months.
How to reset your phone
And each time one of the world's 4 billion cell phone subscribers upgrades, the old phone winds up getting resold, recycled, donated or simply tossed in the trash.
Unlike laptops and computers, smart phones store information in a flash memory chip that is virtually impossible to wipe clean.
Paraben, a forensic software company in Utah that works with law enforcement agencies, buys hundreds of used cell phones every month on eBay for testing purposes. Many of them still contain personal information, including Social Security numbers and bank account information, Paraben CEO Amber Schroader said.
Some phones reveal embarrassing relationship banter, such as couples squabbling. "There was one funny text message. . . . 'I hate you so much. Don't forget to bring home the milk,'" Schroader said. "You're kind of getting a nice perspective into people's lives, but at the same time, I don't think they realize that so much of their information is left on their phone."
For those looking to dispose of their phones, only a master reset will overwrite most of the phone's information. But such resets can be tricky: Experts say you should follow instructions in your phone manual or call the manufacturer for instructions, or go to your phone carrier's store and ask the staff to do it.
Produced by Anh Ly
Published Dec. 19, 2008
High