Sunday, January 23, 2011

Cognitive Dissonance required to Secure iPhone

I was just sent a link to a good article on smart phone security and safety.  It got me thinking about the mistakes I had made in my iPhone info security strategy.  Why had I made these simple mistakes?

Common Sense Security for Your iPhone

This article is about the basics.  Since I've had my iPhone stolen on a trip to Europe, I'm an expert.  My iPhone had, at the time, Find My iPhone installed and active.  But it didn't work, as the iPhone was in Airplane mode (being in Europe and off the home AT&T network).  Since the iPhone would not connect to the network, the Wipe Commands from Apple would never reach the iPhone (in Airplane mode).  A severe limitation to the security while traveling out of country (and an opportunity for a global service provider).

My iPhone had Passcode turned on; it had SplashID - a safe for sensitive info like credit card numbers, etc.  I had all my credit card info, banking account numbers, driver's license, passport info, tons of membership cards in the SplashID app.

I tried to remote wipe the iPhone when it went missing, after hours of turning the stateroom upside down and inside out.  Using the ship-board Internet connection was difficult, time consuming and results-questionable.  But the wipe never worked.  My best guess, even after talking with Apple tech support, is that the airplane mode assisted the thief - foiling the wipe.

I found the thief had most likely sold the iPhone because it appeared to have come into the possession of someone on the Asian continent.  The phone was lost in Italy.  The possessor was using my Mobile Me account to store their contacts.  I emailed their mother and explained the appearance of their child's new iPhone that looked slightly used.  It may have been purchased on the black market.  Mom never responded to me.

What mistakes had I made?  I was quite panicked and sick.  Some of my credit card info was also in the iPhone's Contacts app.  Other sensitive info was in the Camera app's photo album (pictures of my passport and credit cards).

These mistakes were made because of the cognitive dissonance required for one to secure their smart phone.  One has the mental model that the apps and info stored and accessible via the iPhone should be quick to access and retrieve.  This model is in direct opposition to the need to secure the info.  Putting it into the safe requires several extra steps, retrieving it requires several extra steps, the discipline to segregate the info requires cognitive dissonance.

When I'm at the airplane check-in counter and the clerk asks for my frequent flyer account number, rather than finding it in the contacts app, I have to retain the discipline to open the safe, log in to the safe, search the safe for the card and then I can answer the query.

But, I've learned a lesson. Yes, I failed.  I'm turning it into success. Now I'm just practicing, practicing, practicing the lesson.  I hope you will also.