Insight

Tackling mobile phone theft

Hardware
Dion Price, CEO of Trustonic, explains to Comms Business how device locking is key to addressing the rising tide of theft.

According to a recent Home Office analysis of crime statistics for England and Wales, an estimated 78,000 people – or more than 200 a day – had their phones or bags stolen in the year leading up to March 2024. While the Home Office claims that these are the highest figures in over a decade, the reality is that the true number is almost certainly much higher. Only a fraction of thefts are ever reported, and this is often just to obtain a crime reference number, enabling a consumer to claim for the stolen device on their insurance policy. 

It's hardly surprising that thieves are increasingly targeting phones. After all, devices tend to carry a large price tag, with the iPhone 15 Pro Max – the UK’s most popular device – starting from £1,200. Coupling this with how easy phones are to steal, and the low rates of prosecution, it explains why smartphone theft is seen as a lucrative and relatively risk-free proposition.

Of course, once a device has been stolen, thieves must then have the means to sell it on for a profit. There is a well-established trafficking network for the black market, with phones often leaving the country in bulk, headed for criminal gangs who reflash and resell them. This makes moving stolen devices a breeze, and due to the international nature of most phone theft, the evidence of the crime is soon gone.

Where traditional security falls short

In recognition of the threat that theft poses to device users, most phones now come with security measures built in. However, there are two main issues with this that leave people vulnerable. Firstly, setting these services up requires effort from the users, and not all are aware or have the technical ability to do so. As a result, most people don’t bother. Secondly, features such as biometric authentication and ‘find my phone’ type services – which, in theory, allow victims to lock their stolen device – can have unfortunate side effects. 

Criminals have invested heavily in the skills and tools needed to hack devices, which has resulted in an industrialised black market. This means gangs now have the resources to employ technical experts to uncover new ways to compromise phones. Once a new vulnerability is exposed, it’s quickly shared on social media, leading to a surge in attacks exploiting it. As such, users who only have these basic security measures in place are never truly safe. 

Cost and implications for companies

Besides individual users, device theft poses a serious threat to businesses too - especially as smartphones have become integral to daily operations. For companies with large workforces, multiple incidents of theft can accumulate into substantial replacement expenses, let alone the impact of data and security breaches.

According to research, the average cost of a data breach for a company was approximately $11.45 million in 2020, reflecting the high stakes involved in mobile device security.

Beyond the financial cost, the impact of phone theft extends to regulatory compliance - resulting in unauthorised access to proprietary information, customer data or confidential communication. Not only can this lead to breaches of laws such as the General Data Protection Regulation or the Health Insurance Portability and Accountability Act, but it also exposes companies to hefty fines and potential reputational damage too. Industries such as healthcare and finance are particularly vulnerable, where insider data breaches - often enabled by stolen devices - are significant.

The healthcare sector alone accounted for 46.4 per cent of internal breaches during 2020-2021, with personal and medical data as prime targets. Similarly, internal theft in retail sectors, which often involves mobile devices, cost U.S. companies up to $50 billion annually.

To mitigate these risks, companies are increasingly investing in device management solutions, biometric security and encryption to safeguard corporate data. However, the rising trend of phone theft affirms the need for continuous vigilance and robust cybersecurity measures that extend beyond the capability of these solutions.

Device locking

This is where device locking technology comes in. Effectively, this acts as a kill switch that is exceptionally difficult to bypass, even for the criminals who have access to the most sophisticated attack systems. It uses a client that hooks into the base levels of the phone’s operating system, so that even if the phone is factory reset after being stolen, the lock will remain intact. This removes the resale value of the device, eliminating the initial incentive to steal it. Criminals will move onto their next target as a result, bringing the trade of stolen phones to a halt.

While many security measures demand user engagement, the beauty of device locking is that consumers don’t need to do anything for it work. They aren’t required to set up a Google or Samsung account, or enrol the device into services; once the product is switched on and connected to the Internet, it’s protected. This is not to suggest other security solutions don’t have their place, just that device locking is the most vital intervention in preventing street theft. However, the smartphone industry has been slow to discover the benefits that device locking can afford consumers and original equipment manufacturers (OEMs) alike. This is inadvertently allowing gangs to perpetuate their crimes with little resistance.

United front

Therefore, OEMs, carriers and retailers owe it not just to themselves, but to those who purchase their devices also, to explore the unparalleled level of security provided by device locking. After all, street theft is only one piece of the pie, and there are many vulnerabilities present throughout supply chains around the world. Mobile shipments in transit, for example, are routinely targeted by gangs, while theft from stores and reverse logistics scams also pose serious threats to manufacturers and retailers’ profits.

Device locking can help defend against all of these lines of attack, meaning its use cases extend far beyond the issue of street theft. As such, it is an incredibly versatile security technology, with the potential to cripple the entire global network that props up device theft.

However, only by adopting a uniform approach to device locking can OEMs hope to turn the tide on mobile phone theft, and secure a safer, more prosperous future for the industry.

Posted under: