The personal spy: the smartphone in your pocket may be spying on you, I

or wipe computer hard drives before throwing them away, but the same thing is not yet happening with cellphones, says Jones. At the same time, we are recycling ever greater numbers of handsets. According to market analysts ABI Research, by 2012 over 100 million cellphones will be recycled for reuse each year.

As part of a study to find better ways to protect cellphone data, Jones recently acquired 135 cellphones and 26 BlackBerry devices from volunteers, cellphone recycling companies and online auctioneers eBay. Around half of the devices could not be accessed because they were faulty. In the experiment in which Geddes participated, they were unable to retrieve any data from a BlackBerry, or the Samsung E590.

Jones’s team, though, found 10 phones that contained enough personal data to identify previous users, and 12 had enough information for their owner’s employer to be identified — even though just three of the phones contained SIM cards.

Of the 26 BlackBerrys, four contained information from which the owner could be identified and seven contained enough to identify the owner’s employer. “The big surprise was the amount we got off the BlackBerry devices, which we had expected to be much more secure,” says Jones. While BlackBerry users have the option of encrypting their data or sending a message to purge data from their phones should it be sold or stolen, many had not done this. “Security is only any good if you turn the damned thing on,” says Jones.

His team managed to trace one BlackBerry back to a senior sales director of a Japanese corporation. They recovered his call history, 249 address book entries, his diary, 90 e-mail addresses, and 291 e-mails. This enabled them to determine the structure of his organization and responsibilities of individuals working within it; the organization’s business plans for the next period; its main customers and the state of its relationships with them; travel and accommodation arrangements of the individual; his family details — including children, their occupations and movements, marital status, addresses, domestic arrangements, appointments and addresses for medical and dental care; his bank account numbers and sort codes, and his car registration index. Two further BlackBerrys “contained details of a personal nature about the owner and other individuals that would have caused embarrassment or distress if it had become publicly known”, says Jones.

Although his team used specialist forensic software to retrieve data from the phones, much of it could be obtained directly from the handsets themselves, or by using simple software of the kind that is sold with a phone. “This was not designed to be a sophisticated attack, it used simple techniques that anyone would have access to,” Jones says.

This is bad news, Geddes writes, considering that around 20 million handsets were lost or stolen worldwide in 2008, according to U.K. data-security specialists Recipero. So how can people go about making their phones more secure? Turning on the security settings is an important first step, says McGeehan, as this may dissuade potential thieves from going to the effort of trying to crack the codes. Then make sure you delete anything you want to keep secret, while bearing in mind that it is often possible to recover it. “I work on the basis that anything I put on there I’ve got to be prepared for people to see,” says McGeehan.

“As for me,” Geddes writes, “I’ve taken to deleting potentially incriminating messages as soon as they arrive in my inbox — and reproving the sender in return. I have also passed my old handset to my husband for safekeeping. If those brazen messages must fall into someone else’s hands, I’d rather they were the hands of the Don Quixote who composed them than a smirking IT geek in a distant windowless room.”

Tomorrow: Future phones