What to do when your phone is lost or stolen

by Dmitry Kirsanov 8. April 2021 19:51

Mobile phones are siblings of old day PDAs, but store vast amount of data. With smart cards up to 1Tb, access to cloud storage, e-mails, messengers and social networks, possessing your phone could potentially have consequences far beyond the obvious financial loss.

In this post I will attempt to address the risks and provide the way to create your own, personal emergency protocol for cases of your phone being lost or stolen.

Assumptions

In this example, we’ll assume, that you are using Samsung phone (that’s, probably, the most popular scenario these days), it has external card with photos and videos, you have social network accounts, cloud storage and e-mail accounts all linked to your phone.

Your phone is the gateway to many of those accounts, as they tend to either send you codes by SMS, or even use special authenticator applications, like Microsoft or Google do. You may also have banking apps working as authenticators, and some apps that can order goods and services without additional authentication – be it Amazon, food delivery or whatever else.

If your phone is not Samsung, but, say, Xiaomi, find out what is the alternative provided by your provider. Strategically, scenarios are the same, what’s different is URLs and how to use them.

How do we lose our phones

There are 2 major routes – accident and crime. In case of accident, you either see it happening (the phone falls somewhere, and it’s clear that you won’t get it quick, if at all), or realise that phone is gone some time after it happened.
In case of a crime, you usually notice immediately that it happened, because thieves are trying to get your phone while it’s not locked. Some not very smart and not very daring thieves may steal your phone from the purse, but that won’t bring them fortune… Unless they will get to your data. However, if you suddenly realised that your phone is gone, you can’t rule out both possible routes.

There is, of course, third scenario, when you simply forgot your phone at some safe place, but we’ll cover it too.

Risks

Apart from obvious cost of the phone, what are the risks? What can happen, if your phone falls to wrong hands? There are two trains of thought – if your phone was locked at the unfortunate moment, or if it was unlocked.

If it was locked:

  • Your external storage card is not encrypted by default. Yes, Android allows that to be encrypted, but in most cases it isn’t, because you need to instruct your phone to do it.
    So, from unencrypted card, criminals may recover your photos and videos, even those that you recently deleted. You may think that they should be too smart to recover deleted files, but in fact they don’t have to, they will simply sell that card to someone who would like to prey.
  • Internal storage is likely to be protected. In that case your data is either safe, or will buy you some time.

If it was unlocked, e.g. when someone just snatched the phone from your hands:

In that case, criminals will try to keep it unlocked, by constantly touching the screen. In a few minutes, they may connect it to the computer and attempt to copy your data, as well as see what apps you have, and exploit them by:

  • Contacting your contacts and asking them for money, pretending there is an emergency.
  • If they will find something to blackmail you or others – they will.
  • They will reset your passwords to social network accounts and download the contents of cloud drives.
  • They will post nasty things in your social network accounts, block your connections and so on – that sounds weird, but that’s what they often did.
  • After some time, they will get the contents of your inbox and attempt to contact whoever they can, to fish some money.

So, they have a lot to do, and that means – you don’t have much time.

First minutes

In order to create the emergency protocol, we need to model your actions that would:

  • Lock your phone, if it wasn’t.
    Locked phone can’t be connected to computer and is basically useless.
  • Erase data, if needed.
  • Let you know the phone location so that you could either retrieve the phone (if you are sure no crime is involved, and that’s the place where you’ve been), or inform local police.

So, as soon as you realised that your phone is gone, and you are sure it should be there, your first goal is to get to your Emergency Protocol. That’s the document we’ll create in a minute. To get to it, you would need a computer or a phone. If you have tablet, or your friend has a phone, or you have secondary backup phone with you – you are in much better situation, otherwise you would have to ask someone to provide you with access to public or private terminal. Internet cafe, paid internet terminals in some places (like gas stations, supermarkets, phone / computer shops), anything will do. If that’s public terminal with printer, you can print your protocol – having it on paper saves time and nerves.

If you are social enough, cab drivers and waiters at local cafes may help you with either the device to access the internet, or direction to where you can get one. Don’t be shy.

Once you are online and have your Emergency Protocol at hand – just follow it.

Emergency Protocol

Is, basically, a document, which describes your actions and data needed to:

  • Lock your phone
  • Disconnect your phone from all online services
  • Erase sensitive information
  • Display phone location
  • Prevent shutting down your phone
  • Display information on phone screen
  • Inform your network provider of device being stolen

As you already know, this document will be viewed on unknown device, so we can’t really count on file formats like Microsoft Word (docx). Our relatively safe bet would be PDF. All devices would read HTML documents too, however, it contains really sensitive information, and we don’t want it to be cached, unencrypted, anywhere.

We need to password protect this document, and preferably – protect even the possibility to download this document. Therefore, I suggest creating it in Word or similar tool, then export to PDF with password protection. However, next question is where to store this file.

You can’t use cloud storage that is linked to your phone. So, if you have Dropbox that is synchronising with directory on your phone, there is a chance, that someone will delete that file from your phone, for example, when moving files to another location. Therefore I suggest using Proton Drive or similar cloud storage, which doesn’t even have mobile apps. If you are using multiple cloud storage accounts – store it in one that isn’t linked to your phone.

Proton Drive allows you to set password on your share link, it looks like this:

ProtonDriveSharing

It is a good idea to protect both the file and the link, with different passwords. Just don’t forget these passwords, that would be most unfortunate.

Write down the URL somewhere and keep it with yourself. Every time you lose that note, destroy the link and recreate it. Even better – use the expiration date.

Remember, that PDF password is a joke, and can be quite easily removed. But it’s better than nothing in this case.

When storing that file on your computer, protect your original file too – use password in Microsoft Word (or any other editor) and at least NTFS encryption. Using encrypted containers, such as TrueCrypt / VeraCrypt is way more preferable for data like this, of course.

Gathering data

Now that we know what this file will look like, and how we will store it, let’s actually create it.

Since we are using Samsung, we are using the Samsung account. It gives some perks, like using your phone embedded unremovable services, and ability to lock your phone forever, if you have to.

So, let’s begin your document with this:

If the phone is lost:

1. Find and lock it.

https://findmymobile.samsung.com/

Note, that this website requires two things:

1. You have the Find My Phone service running (i.e. not disabled)

2. You created backup codes to avoid confirmation by phone. It would be awkward to not being able to login into the phone recovery service, because login is locked by SMS or mobile authenticator, right?

So, the next thing after the FindMyMobile url should be the list of backup codes.

You can get your backup codes by visiting Samsung Account website. Note, that if you’ll visit this account when your phone is already missing, it will display the access code on the screen. That might be not what you want. So do it when creating the emergency document, and not after. However, you can’t get into account security section without the actual password, so if your phone doesn’t keep that password saved in your browser, you should be fine.

To get the backup codes, you will need to navigate to Samsung Account’s two-step verification section. In there, you can set up secondary phone number, if any, and get the backup codes. You will need to put them into your Emergency Protocol, and that’s why this document needs to be protected.

NB: keep your last code, don’t use it. You will need it to get back to your account and generate more codes.

It’s paramount that attacker wouldn’t be able to get into your Samsung Account, because then they could reset your backup codes, and that would become the whole new adventure. So don’t save / cache your account password and make sure it’s unique.

So, let’s add some more information into your document:

Login: my gmail account

Codes: 123456, 234567, 345678

Each code works only once!

Your first step should be to get into the first website – FindMyMobile. It shouldn’t display anything on your phone, and would only require your account login and password. Therefore, you should either remember your password, or put it into your emergency doc. I suggest you memorize it instead, but that’s your call.

Once in that website, you are presented with quite a number of options:

PhoneActions

This presents the opportunity. Whether or not you know that phone was stolen, click the Lock button. This will show you the dialogue to lock the phone and optionally display message.

PhoneActions2

The PIN can be your existing, or new one – that’s up to you. If the phone was simply lost, you may ask finder to keep it connected until you find it, and contact you for reward. But you need to lock it either way. Once you do it, your phone screen will be immediately locked, and you will see this:

PhoneActions3

What’s interesting here, is that phone will not turn itself off, though there are ways to keep it off the grid, such as Faraday cage.

If you are using cloud backup, like Google or Samsung account, then Backup is probably not needed. However, click the Backup and you will see if these resources are synchronised with the cloud, and when it happened last time. And I mean – do it right now, because Emergency is not something you should be doing for the first time when it happens.

If you know, that your phone was stolen, you should delete your data. This function will require the backup code. Since you already locked your phone, you shouldn’t be worried about notifications about your activity popping out. Enter your backup code as authentication method, and erase the contents of your phone. This is the FINAL step, the most drastic measure. You won’t be able to control your phone anymore, and basically you will give thieves the reigns on device, but will secure the data.

PhoneActions4

So it’s a tough choice. If you have external drive, which contains contents you wouldn’t allow anyone to have – you would have to use this option. If not – you should try other options first. In order to not have this hard choice – encrypt your SD card.

Preparation: encrypt your SD card

Screenshot_20210408-124125_Settings

Go to your phone’s settings, tap “Biometrics and security” and then tap the “Encrypt or decrypt SD card”. This will take care of that.
Note, that time to encrypt depends on how much data there is at the moment. You may want to clean it up first, and only then encrypt. It may take around an hour and 10% of your battery for 64Gb of data.

If you are going to another country, there are few things to add to your emergency protocol.

1. List phone numbers of emergency departments.

2. Translate to local language phrases like “my phone was stolen”. I know, it seems like everyone speaks English these days, but a policeman in Barcelona didn’t. Moreover, he switched from Spanish to Catalan when I replied in Spanish. If you meet such people – find others, but do it quickly.

Track Location

While at FindMyMobile, write down location of your phone, and time when it was recorded. That will be important later, when police will investigate the matter. They may check street cameras, that’s why it’s important.

Your phone data

Another thing you need to write down to your Emergency Protocol, is phone’s hardware information.

That is a Serial number and IMEI. You can get them from phone’s original box, or Settings / About Phone. Write it down in the document. You will need this information, when informing your mobile operator that your phone was stolen.

Unlink your phone from cloud services

Dropbox:

https://www.dropbox.com/account/security

Google:

https://myaccount.google.com/device-activity

These links lead to the list of devices that have access to your cloud. You can remove them from the list so they wouldn’t be able to synchronise data anymore. This will not delete any data from your phone.

Note, that you may need backup codes for your Google account or other cloud providers too. Placing them in the same Emergency Protocol makes it juicy target, so make sure your password protection is good.

For Microsoft account, if you have one, the backup code is available in your Microsoft account security settings. Go to “Advanced security options” and under “Recovery code” click “Generate new code”. Note, that this will disable old code, so you should use this option if you ever suspect that your EP is compromised.

Change password to social network accounts

That’s something that you should do asap, but it’s not the first thing to do. Write down direct links to your social network account security section, and if there is a way to avoid using password (such as backup code) – use it and write down your key. If you know your password from memory – great, don’t put it into paper.

Let your provider know your account is compromised

Write down the support phone number. There are usually 2 or 3 such phones – one internal, which is free to call from within the provider’s network, another is public. You need to write down both.

Add your account number, IMEI of your phone, and serial number of your phone.

The point of this step is to ensure that this phone wouldn’t be used by those who stole it. However, it’s important to mention if you are still tracking its position, so provider could block phone calls, but not the internet. Do this AFTER going to police.
Once the phone went dark, you may want to disable it completely.

Let your friends know

Your friends may be targeted by thieves, so if your phone was stolen, especially if it was stolen while unlocked, let someone in your circle publish a word of warning in social network of your choice. If needed – let your parents or children know, that whatever comes from your phone number and / or social network account MAY be malicious.

Yes, and that means – write down phone numbers and / or handles of a friend or two.

Do-s and Don’t-s

If you see, that your phone is somewhere where you weren’t – don’t go there. Certainly not without police.

When you are in another country, and your internet traffic is unlimited, it might be a good idea to set up automatic screenshot synchronisation with the cloud. So that each time you make a screenshot, it goes to the cloud. You can do the same with photos, but that might drain your battery faster. The point of synchronising screenshots is that if you are using a taxi app, and getting confirmation that a particular cab is coming for you, a simple screenshot of that screen might give you an idea later, what taxi driver you are looking for, if you forgot something in his car.

When creating a link to your emergency protocol document, don't use link shorteners. First of all, there are scanners that will get access to your document, but what's more important - you will depend on additional service that may not work when you'll need it.

Tags:

Security

blog comments powered by Disqus