The personal spy: the smartphone in your pocket may be spying on you, I

 warns.

It is possible your phone could broadcast your location to others without your knowledge

A phone-based calendar could also leave you vulnerable. Police in the United Kingdom have already identified burglaries that were committed after the thief stole a phone and then targeted the individual’s home because their calendar said they were away on holiday, says Joe McGeehan, head of Toshiba’s research lab in Europe and leader of DTAAC’s Design Out Crime project, which recently set U.K. designers the challenge of trying to make cellphones less attractive to people like hackers and identity thieves. “It’s largely opportunistic, but if you’ve got all your personal information on there, like bank details, social security details and credit card information, then you’re really asking for someone to ‘become’ you, or rob you, or invade your corporate life,” McGeehan says.

When Buck looked at the iPhone of Geddes’s colleague, he found two 4-digit numbers stored in his address book under the names “M” and “V.” A search through his text messages revealed a few from Virgin informing him that a new credit card, ending in a specific number, had just been mailed to him. Buck guessed that “M” and “V” were PIN codes for the Virgin credit card and a Mastercard — and he proved to be correct on both counts.

“Out of context, an individual piece of information such as an SMS is almost meaningless,” says Jones. “But when you have a large volume of information — a person’s diary for the year, his e-mails, the plans he’s building — and you start to put them together, you can make some interesting discoveries.”

In this way the DiskLabs team also identified Geddes’s colleague’s wife’s name, her passport number,and its expiry date, and that she banks with Barclays. Ironically, Barclays had contacted her regarding fraud on her card and she had texted this to her husband. Buck’s team also discovered Geddes’s colleague’s e-mail address, his Facebook contacts, and their e-mail addresses.

This kind of personal data is valuable and can fetch a high price online. It is ideal for so-called 419 scams, for instance, in which you receive an e-mail asking for help in exporting cash from a foreign country via your bank account, in exchange for a share of the profits. “What they need to launch a successful 419 scam is personal information,” says Jones.

A growing awareness of identity theft means that many people now destroy