How Your Locked Smartphone Can Be Used to Make Calls and Steal Information

October 2016: Yes, you require a passcode or fingerprint to unlock your smartphone. Yes, you’ve enabled Find My iPhone or Android Device Manager. And, yes, sadly, your lost or stolen phone can STILL be used to make calls and get some of your personal information until you hit the kill switch.

Here’s how you can unknowingly allow strangers to use and access your locked smartphone — and how to stop doing that:

1. Bluetooth allows your phone to be discoverable even if it’s locked
If your Bluetooth is on, it can be paired with and used by other devices. If these devices happen to be other people’s phones or equipment that allows calls to be routed through your phone, calls can be made from your locked phone and billed to your number. Also, Bluetooth spyware is rampant, and Bluesnarfing tools can steal data from your phone.

Stop leaving Bluetooth on all the time. Turn it off if you’re not currently using it.

2. Siri and Cortana can sell you out.
With Siri or Cortana turned on, anyone can give it commands — like having it call the closest Pizza Hut or a specific place overseas. Both Siri and Cortana can learn your voice so they make fewer mistakes understanding you but that’s not a security feature. However, if someone who doesn’t have your passcode asks for personal information, like phone numbers and addresses (other than the phone’s owner, which is displayed by default), your personal assistant keeps mum.

Stop allowing access to Siri or Cortana from your “lock screen” when you’re out and about.

3. Notifications offer up personal information
Whoever has your phone can read your notification previews if you allow them on your lock screen. Previews of emails and texts, calendar events and reminders, recent Apple Pay and other transactions, notifications from budgeting apps, health apps, personal assistant apps — any app you’ve said “yes” to when asked if you want to receive notifications. These notifications, especially in aggregate, can provide a lot of information about you.

Stop lock screen Notification previews. You can still get notified without getting the preview information.

4. The Control Center gives thieves the control
On iPhones, the Control Center allows access to several functions, including setting Airplane Mode, accessing the camera to take (but not view) photos, and setting or reviewing alarms. It also lets you turn Bluetooth on and off, which is a big deal (see #1). Some Android apps mimic Apple’s Control Center.

Stop allowing lock-screen access to the Control Center and Android apps that can access phone functions.

5. Medical ID shares your name, basic health information and emergency contacts
The purpose of Apple’s Medical ID and Android N’s Emergency Info screen is to help medical professionals assist you by making key information available on the lock screen. You can include things like blood type, allergies and medications and also organ donor information, which can be extremely useful in critical circumstances. Can thieves use the information against you or your family? It’s possible.

Solution: Weigh the benefits of Medical ID and Emergency Info against privacy concerns.

Lastly, if your phone does go missing, put it in Lost Mode (via Find my iPhone) or remote lock it (via Android Device Manager) right away by logging into your account from a computer or someone else’s phone. Once it’s in lost mode or locked, it’s completely useless to anyone that doesn’t have your account username and password. Unlocking it again is easy — just takes one click after you find your phone again.

Leapfrog constantly works on balancing security and productivity for our clients and the friends we advise. How careful is too careful? How convenient is too convenient? When you plan in advance — and leave some wiggle room for unique situations — your smartphone can be your BFF and the keeper of your privacy, too.

[well size=”sm”]If your goal is an optimized IT environment that helps your company grow and prosper, you need highly effective Help Desk support. The faster problems get solved, the sooner your team can get back to work. Leapfrog offers a range of managed IT services, including 24/7/365 Help Desk Support. We pride ourselves in our lightning-fast resolution speeds and deep knowledge of all things IT. Customer service as Priority One means no more bottlenecks![/well]