Mobile data harvesting is easy, warn researchers

University researchers retrieved "large amounts of sensitive data" from returned corporate mobiles

An experiment at the University of Glasgow has suggested that it may be more straightforward to steal sensitive data from mobile phones than some companies might imagine.

Masters students who took 32 handsets returned by employees at "one Fortune 500 company" and tried to retrieve as much information from the low-end devices as possible found that they could harvest "large amounts" of sensitive corporate and personal information, even from such a small sample.

Companies are leaving themselves open to potentially serious security and legal risks by employees' improper use of corporate mobile devices, according to a University statement released this morning.

"The data yielded by this study on 32 handsets included a number of items that could potentially cause significant security risks and lead to the leakage of valuable intellectual property or expose the company to legal conflicts," it said.

The statement went on to suggest that the results may indicate that the current corporate policies and processes, including technical practices, governing data security are insufficient and not keeping pace with the expansion of smartphone use in the enterprise.

Both the company and the individual could be at risk – and cloud computing magnifies the possibility, it suggested.