Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Jewel Thieves Also Made Off with Kim Kardashian's Cell Phones

As most of the world is now aware, Kim Kardashian-West was robbed at gunpoint inside her Paris hotel room by two armed masked men posing as police officers. In addition to the millions of dollars worth of jewelry they stole, they also took two cell phones before fleeing on bikes.

She is sure to be emotionally recovering, and mourning the loss of the hopefully-insured trove of diamonds and whatnot that the thieves are likely fencing as we speak.

But the question remains: Why the phones? Did the perps think they could access valuable data? Or maybe just wipe the units and sell them? The latter seems like a petty endeavor when you have millions and millions of dollars’ worth of glittering rocks to sell.

Marie White, CEO and president, Security Mentor, noted via email that the immediate risk to Kardashian-West—and the potential benefit to the thieves—depends on what she has done to protect her phone. If she is using an encrypted phone with a strong passphrase, her risk is low (assuming she doesn’t have that passphrase written down in anything that was stolen).

“However, if Kim is using a weak password or passphrase (e.g. easily found information, a keyboard sequence, or common password), then that risk goes way up,” White noted. “It may be only a matter of time until someone cracks it. However, if the phone has no password or passphrase, and no encryption, then all of her information on that phone should be considered exposed. If Kim uses her phone to store accounts, credit cards, other financial information or passwords, or stays signed in to apps, those would all be at the criminal’s fingertips.”

Andrew McDonnell, vice president, Security Solutions, AsTech Consulting, said that with an updated iPhone, any concern may be moot.

“There are two important considerations and one movie-plot exception,” he said. “Newer iPhones render passcode brute-forcing nearly impossible via hardware security modules that protect each phone's unique encryption key and will not release it without the correct passcode. With even a weak passcode in place, most actors—including most jewel thieves—are eliminated from being able to recover data. Once a phone is lost, Apple's Find My iPhone service can be used to further lock down or even erase the device so long as it connects to the internet at any point in the future.”

If the phones had passcodes and Find My iPhone is enabled, the only way that the phones could still be compromised is if the thieves used Airplane Mode to disconnect the phones from the internet before they could be erased and then managed to manually override the hardware security modules in order to be able to brute-force the passcode. It’s a task that even seasoned infosecurity researchers can’t often succeed at.

“I consider jewel thieves who also happen to be hardware security experts a movie-plot scenario and not likely even for high-profile victims,” McDonnell said. “If I were Ms. Kardashian West, I wouldn't worry about my data so long as I had passcodes in place and promptly set the devices to be wiped by Find My iPhone.”

White pointed out that another risk Kardashian-West may face is the loss of her data and pictures.

“If she didn’t back up her phone either to her computer or in the cloud, the information on that device will be lost,” she said. “Many people use their phones now to document their lives, such as their children’s photos, and such a loss can be devastating. In addition, any apps or entertainment purchased would also be lost if not backed up. Backups should always be done securely, however, as the theft of that information from the cloud could also put you or your family at risk.”

So, the bottom line is that there are few clues as to why in the world jewel thieves would bother with taking devices that they probably won’t be able to do anything with (and which could actually help law enforcement track them down via the Find My iPhone feature). But, as White noted: “This horrific event offers others the opportunity to assess the security of their own phones, as well as in other matters, and hopefully take measures to protect themselves.”

Photo © Helga Estab/Shutterstock.com

What’s Hot on Infosecurity Magazine?