London is a phone-theft hotspot Jeff Blackler/Shutterstock
Even if you have never had your smartphone stolen, you probably know someone who has. In London, last year alone. And as victims of phone theft know, while the loss of a pricey gadget can sting, the dreary administrative slog in replacing a device that runs your entire life can, in some ways, be worse. So why can鈥檛 we stop phone thieves 鈥 and is there a better way to protect your personal data?
The answer is partly down to the numerous ways that criminals profit from stolen phones, but it is also about technology firms prioritising usability over security and international governments failing to arrive at a global solution. In short, it鈥檚 complicated.
Some victims place the blame with the police for failing to catch phone thieves. When Nav Dugmore from Wolverhampton, UK, travelled to London for the first time, she had her iPhone snatched seconds after leaving Euston train station, a major transport hub. 鈥淚t traumatised me, if I鈥檓 honest,鈥 she says. 鈥淭here needs to be something else put in place to stop them being able to use your phone, and I think the police need to be doing more.鈥
London鈥檚 Metropolitan Police told her that several other thefts had happened at the same spot in the previous hour and admitted there was 鈥渘o chance鈥 of recovery. Dugmore had the phone鈥檚 face-recognition security setting turned on, but the device was unlocked when it was grabbed and the thief quickly spent 拢300 in various shops around London. By far the biggest blow was the loss of photos of her three children growing up, she says, which weren鈥檛 backed up.
When a phone like Dugmore鈥檚 is stolen, it enters a conveyor belt of crime, with multiple possible destinations. The simplest route is the thief simply selling the handset on, often to be resold in another country. Phones can be sold for parts to unscrupulous repair shops, too. Daniel Green, an inspector at the City of London Police, says phone snatchers have links to gangs that export the devices, essentially smuggling them out the same way as drugs are smuggled in. 鈥淲hat we鈥檝e found suggests boxes and boxes of phones going out [of the country],鈥 he says.
Free newsletter
Sign up to The Daily
The latest on what鈥檚 new in science and why it matters each day.
Then there are more involved scams, like removing the SIM card that identifies a phone to the network and placing it into another handset. This allows criminals to read text messages destined for the victim and can get them access to email and websites that use two-factor authentication. This can be combatted by setting up a PIN for your SIM card, but this must be done before the phone is stolen.
The most valuable phone for thieves to target is one with no security protections, but even setting a PIN on your handset won鈥檛 necessarily protect you, says James O’Sullivan, who runs an app called Nuke designed to help people in the aftermath of their phone being stolen. Thieves may simply look over your shoulder to see your PIN, or use more devious tricks. For instance, activating an iPhone鈥檚 Emergency SOS feature and then cancelling it will temporarily disable access via face or fingerprint recognition, forcing you to input your PIN the next time you unlock it. A clever thief can offer to take a photo for you, surreptitiously pull this trick, then snoop when you enter your PIN after they hand back the phone.
With unlocked access, criminal options become even more sophisticated. Thieves can steal money from online banking apps or cryptocurrency wallets, then message the victim鈥檚 friends and family to scam them into sending emergency funds. They can even post nefarious links on social media accounts to phish others into providing their logins or private data.
So what can be done? The UK government at least recognises that there is a problem. It launched promising to pressurise smartphone manufacturers to permanently disable stolen phones. It also pledged to conduct an investigation to learn more about the people who steal phones, where the devices end up and how to stop the problem.
In theory, the technology already exists to disable stolen phones. Each device carries a unique IMEI code and those reported stolen can be blocked from cell phone networks, which already happens on a per-country basis in places including the UK, Canada and the US. But a phone blocked in this way can still access the internet through Wi-Fi connections. The Met Police has long urged technology firms to build on this and also 聽such as data backup and photo storage, which would reduce their functionality and make them less attractive to thieves. So far, Apple and Google have declined to do so.
Even this wouldn鈥檛 help if such restrictions continue to operate on a per-country basis, as is the case with IMEI blocks now, as criminals can simply send phones to a country where they aren鈥檛 blocked. Green says he would like to see manufacturers create a permanent kill switch for devices, to completely remove the incentive for criminals to take phones. 鈥淚 don’t know whether it’s just not a problem for them,鈥 he says. 鈥淢ore pressure needs to be put on them. We鈥檙e trying to pick up the pieces on our end and it鈥檚 very, very difficult.鈥
Jordan Hare, a former police digital forensics expert who now works at private security firm S-RM, says phones are already equipped with security features that should keep even the most determined crooks at bay. For example, some phones automatically lock if they detect a sudden jerking movement, like being snatched by a thief.
The problem is that many of these options are turned off by default 鈥 something Hare suspects is done to make life as simple and seamless as possible for users. 鈥淎n opt-in for these features actually doesn’t help the general consumer because they don’t necessarily know they’re there,鈥 he says. 鈥淲hereas an opt-out scheme, having them on by default, having better information provided when you first set up your phone about 鈥榯his setting is on, this is what it does, this is why you shouldn’t turn it off鈥, for example, actually puts measures in place ahead of a phone being stolen.鈥
Meanwhile, other security features that sound promising, like the ability to track the current location of your phone from a web browser, simply fail to make a difference in the real world. If a phone is tracked to a large block of flats, there is little police officers can do without further information .
That was certainly Dugmore鈥檚 experience with her stolen iPhone. 鈥淭he last location was about 10 miles away from where my phone was stolen,鈥 she says. 鈥淭he police did say ‘there’s no chance of you getting that phone back鈥.鈥 When asked about the incident, the Metropolitan Police told 性视界传媒: 鈥淯nfortunately the investigation couldn鈥檛 be progressed further due to a lack of CCTV in the area. We recognise the victim鈥檚 frustration.鈥
Most major smartphone venders didn’t respond to a request for comment by 性视界传媒, with Samsung, Xiaomi and Google failing to reply. Apple did respond, however.
“We have been working on this issue from a hardware, software and customer-support standpoint for more than the last decade,鈥 says an Apple spokesperson. 鈥淲e have made and continue to make significant investments to create industry-leading tools and features that put control in the hands of our users in the event of theft.鈥 The spokesperson declined to explain why some security options aren’t turned on by default.
Ultimately, the only way to prevent smartphone theft 鈥 other than being careful whenever you use your device in public 鈥 is for manufacturers to make it not worth criminal鈥檚 while. They have control over the hardware and software, and could bring in unhackable features that completely lock down a phone, its apps and its spare parts from abuse or resale. But O鈥橲ullivan says it just doesn鈥檛 seem to be a priority. 鈥淚f I鈥檓 brutally honest, it’s probably not their biggest thing, because stolen phones are reasonably good business for people that are selling new phones.鈥
Topics:
