Menu

TECH

Why Smart Crooks Don't Use Smartphones

How does the modern criminal plan out a caper? Not on a cellphone -- if he's smart, that is. 

Smartphones can take pictures tagged to a particular location and time, provide turn-by-turn directions, find the closest gas station or the best nearby Italian restaurant, and communicate via voice, texting, e-mail and even videoconferencing.

They can also store all that information, yielding everything the cops need to capture a bad guy.

The iPhone is particularly popular with cops, because it's so popular with consumers. 

Forensics experts say that when an iPhone or other smartphone is involved in an investigation, it can provide an extensive set of digital fingerprints -- and digital footprints -- telling law enforcement where you've been, when you were there, and whom you've been communicating with.

"There's plenty of information an iPhone hangs onto," Jonathan Zdziarski, author of iPhone Forensics, told FoxNews.com. "For example, the iPhone takes a screen shot every time you hit the home button, including shots of your e-mail with the time stamped on it."

Such information can be critical in a criminal investigation.

"When someone tells me they have an iPhone in a case, I say, 'Yeah!' I can do tons with an iPhone," Detective Josh Fazio told the Chicago Sun-Times.

It's not difficult to understand law enforcement's enthusiasm for the iPhone. Equipped with GPS, a camera, and a Web browser, it can provide a wealth of data to police trying to track a criminal's movements and actions:

  *  Mapping software will store locations you've searched or directions you've received.

  *  The auto correcting typing feature of iPhones actually stores words you've typed, which could potentially be accessed months after a message was sent and deleted.

  *  Photos taken with the phone can contain information about where, when and with which device the image was captured.

  *  Web browser information is also often stored, such as reservations the owner has made or sites they have visited.

The iPhone is obviously a major focus in terms of forensic work, given its popularity, but similar vulnerabilities exist with the growing number of Android-based phones on the market, such as the Motorola Droid X, according to Andrew Hoog, chief investigative officer, at viaForensics.

"Many [Android] apps are being rushed to market, and they can have substantial holes," Hoog told FoxNews.com.

Furthermore, some passwords end up being stored as plain text on phones, including corporate e-mail and eBay passwords. 

"It's practically impossible for an end user to completely wipe a phone clean," says Hoog.

So if you're not planning to commit a crime, should you worry? Maybe.

Smart phones are rapidly replacing desktop computers as the repository for a wealth of personal information, including banking passwords, personal contact information, text messages, and social-networking pages. Give someone access to your phone and you're giving them access to your life.

Many people are banking on their iPhones, for example. Watch out. Citigroup recently revealed that its mobile-banking application for the iPhone was secretly storing personal information, possibly including account numbers, access codes, and balance information. 

"We discovered that our U.S. Citi Mobile iPhone banking app was accidentally saving information related to customer accounts in a hidden file on their iPhones," Citi said in a prepared statement. The company then issued an updated version of the software to correct the problem, but the vulnerability shows that even a bank -- which focuses intently on security -- can leave smartphone users vulnerable.

Do you carefully delete all of that personal data to play it safe? No matter, it still may be accessible to thieves or law enforcement. 

"If you delete a file, the message remains on the phone" until the software overwrites it with another piece of data, explained Zdziarski. And that may be a long time. Zdziarski cited cases he's worked on with law enforcement where he recovered messages that had been deleted months before.

Remember, as well, that former Detroit Mayor Kwame Kilpatrick landed in hot water and eventually jail two years ago because he didn't realize personal text messages were being stored by his SkyTel service. Indeed, even if you're using another carrier or service, your deleted text message may be stored elsewhere.

Typically, AT&T and Verizon keep cellphone text messages for only about 3 days. After that they are deleted from the carriers' computers. However, many companies store text messages longer to meet legal and fiduciary responsibilities. So if you're using a company phone, all your messages may be stored on the company computers.

Zdziarski concedes that iPhones aren't particularly better or worse than other smart phones on the market in terms of the information they store. However, he does have some advice for consumers.

"People need to be aware that that racy picture you took is still going to be on there even after you delete it," he warned. "So figure out what information is valuable to you, and don't put that on your phone."

Follow John R. Quain on Twitter @jqontech or find more tech coverage at J-Q.com.

John R. Quain is a personal tech columnist for FoxNews.com. Follow him on Twitter @jqontech or find more tech coverage at J-Q.com.