The spy in your pocket.

New Scientist challenges a team of professional electronic snoops, who prove that strangers can learn more than you think from your phone:

I’ve just walked into a windowless room on an industrial estate in Tamworth, UK, where three cellphone analysts in blue shirts sit at their terminals, scrutinising the contents of my phone and smirking. “If it’s any consolation, we would have found them even if you had deleted them,” says one.

Worse, it seems embarrassing text messages aren’t the only thing I have to worry about: “Is this a photo of your office?” another asks (the answer is yes). “And did you enjoy your pizza on Monday night? And why did you divert from your normal route to work to visit this address in Camberwell, London, on Saturday?”

I’m at DiskLabs, a company that handles cellphone forensic analysis for UK police forces, but also for private companies and individuals snooping on suspect employees or wayward spouses. Armed with four cellphones, which I have begged, borrowed and bought off friends and strangers, I’m curious to know just how much personal information can be gleaned from our used handsets and SIM cards.

When Buck looked at my colleague’s iPhone, he found two 4-digit numbers stored in his address book under the names “M” and “V”. A search through his text messages revealed a few from Virgin informing him that a new credit card, ending in a specific number, had just been mailed to him. Buck guessed that “M” and “V” were PIN codes for the Virgin credit card and a Mastercard – and he proved to be correct on both counts.

“Out of context, an individual piece of information such as an SMS is almost meaningless,” says Jones. “But when you have a large volume of information – a person’s diary for the year, his emails, the plans he’s building – and you start to put them together, you can make some interesting discoveries.”

In this way the DiskLabs team also identified my colleague’s wife’s name, her passport number and its expiry date, and that she banks with Barclays. Ironically, Barclays had contacted her regarding fraud on her card and she had texted this to her husband. Buck’s team also discovered my colleague’s email address, his Facebook contacts, and their email addresses.