If your mobile phone is worth $1000, it’s a really big deal to lose it or have it stolen.
But if your phone is stolen while it’s unlocked, you could end up worrying about way more than $1000.
Here’s what you can do.
You’ve probably seen the videos on social media.
Some of them show the crime scene with the oblique perspective of a street surveillance camera.
Others are apparently shot from the hip – not literally, of course, but extracted after the incident from the dashcam of a passing driver or cyclist.
The perpetrators of this crime are often on bicycles themselves, albeit not in a legal sense.
The velocipedes of choice for these balaclava-clad bandits are legally no such thing, being either illegally-modified e-bikes with their electronic regulators bypassed or removed, or unassuming but unregistered electric motorcycles with no tags that can swiftly and smoothly outwit almost any other vehicle in an urban situation.
Well, almost any other vehicle:
The MO is surprisingly simple: these highway robbers glide around apparently innocently until they spot a pedestrian who is glued to their phone, or someone sitting down in a roadside spot who is focused on their phone and not their surroundings.
One moment you could be staring at a live mapping app trying to find your way to your next meeting from the bus stop, the train station, or the car park…
…and the next thing you know, you’re standing there empty-handed as one of these modern-day snatch-and-run criminals swoops past you at close range and grabs your phone.
They immediately weave into invisibility through the traffic ahead, or zoom off into an alleyway or car-unfriendly side street that they have scoped out in advance for their getaway.
The most worrying thing about this crime, aside from the fact that’s it’s an outright robbery and not just sneak thievery from an unattended bag or backpack, is that these criminals don’t just make off with your phone, which might set you back anywhere from $400 to $1000 to replace.
They get away clean and clear with your phone while it’s unlocked and in active use.
Even if you’ve set an aggressively short time before the phone locks automatically, these crooks aren’t going to let your phone lock up on them if they can possibly help it.
They can keep your phone active as they’re riding away by tapping on the screen with one hand as they steer with the other.
And, on their nimble getaway vehicles, they are hoping to reach a out-of-the-way spot with enough time left to dive into the relevant settings in the phone to reconfigure it to buy themselves yet more time.
They’re probably not planning to hold onto your phone for long.
Firstly, the sooner they pass it along the crime chain, the safer they are against getting caught in possession of stolen property.
Secondly, the sooner they can get the phone into the hands of an expert in “phone draining”, the sooner they can ride back into the urban jungle to prey on their next grab-and-go victim.
Simply put, the primary interest of these criminal gangs generally doesn’t seem to be in the phone hardware they get their hands on.
A stolen phone can be difficult to sell on these days, especially if the criminals aren’t able to register themselves as the official owners before it gets reported and blocked by the legitimate owner or by the networks in the region.
Their immediate interest is the apps and data on the phone, given that it was unlocked when they grabbed it.
They’re betting that their victims are unlikely to have a backup device handy that they can use within a minute or two to lock the stolen phone remotely.
Their criminal plan is therefore to start draining the stolen device, and the online services it gives them access to, as soon and as comprehensively as they can,
The average user’s unlocked phone may very well give practiced criminals access to more money (perhaps much more), directly and indirectly, than the price they could get for the phone even if they were able to sell it second-hand entirely legitimately.
That’s because a phone and the apps available on it will inevitably include some, many, or all of the following:
Note that if your phone gets plundered while it’s unlocked, access to the sort of data listed above doesn’t just put you, your identity, and your finances at risk, but puts your family and friends in harm’s way, too.
The criminals can now contact them and talk to them – for example, to pitch rogue cryptcoin investments or to beg for emergency financial help – in such a way that that they may indeed be convinced it’s you at the other end of the conversation.
The best precaution, and almost certainly the most effective protection, against having your phone snatched while you are walking…
…is also one of the simplest: Don’t walk with your phone unlocked at all.
Lock it and put it away out of sight when you’re on foot; only get it out and use it where you have a reasonable chance of spotting a snatch-and-run attempt before it actually happens.
Although this won’t eliminate the risk of losing your phone or having it stolen by thieves of a more surreptitious sort, it will greatly reduce the risk of crooks getting full control over it while it’s unlocked.
It will also make you more aware (or, to judge by some phone-distracted walkers, aware in any sense at all) of your surroundings, and therefore much less likely to step in front of a moving vehicle or to walk head-first into a road sign or light pole.
Of course, it’s not always convenient or practical to do this, for instance if you’re following a live online mapping app in an unfamiliar area.
In cases like this, there are things you can do to limit your exposure if you get robbed, but they are annoyingly different between Android and iOS devices, and may not protect your device quite as comprehensively as you might expect.
Nevertheless, they’re worth knowing about:
Here are some additional phone-based data protection tips to help you improve your security more generally, including against phone-grab criminals:
Be aware of your surroundings every time you use your phone or laptop: If in doubt, don’t get it out.
Why not ask how SolCyber can help you do cybersecurity in the most human-friendly way? Don’t get stuck behind an ever-expanding convoy of security tools that leave you at the whim of policies and procedures that are dictated by the tools, even though they don’t suit your IT team, your colleagues, or your customers!
Paul Ducklin is a respected expert with more than 30 years of experience as a programmer, reverser, researcher and educator in the cybersecurity industry. Duck, as he is known, is also a globally respected writer, presenter and podcaster with an unmatched knack for explaining even the most complex technical issues in plain English. Read, learn, enjoy!