With the huge number of mobile devices currently in use, there is now an increased threat of loss or theft of devices. Thus, unauthorized physical access may come about when an unauthorized party, perhaps with no premeditated malicious intent, obtains a device. The device might be a laptop computer, a personal digital assistant (PDA), a cell phone, or a device with both data and voice communication capabilities. Even a device not considered mobile (e.g. a desktop computer) may be stolen or may be accessed by someone entering an area to which they do not have authorized access. Alternatively, the need may arise to cease authorization of a previously authorized user. In all of the aforementioned circumstances, the physical access authorization status of the device will be said to have changed from “authorized” to “unauthorized.” Anyone subsequently using the device is presumed to be an unauthorized user and will be called simply “the user.” This is in contrast with the term “authorized user,” which will be used to denote someone who has lost or had a device stolen.
For devices whose physical access authorization status has become unauthorized, it is well known in the prior art to disable the device by means of a remote command transmitted over a network. This can also be accomplished even if the compromised device is only capable of receiving communication from a single external device, provided that device is the one that issues the command. As a result, although the user may have physical access to the device, he/she can make no practical use of it. The disabling may take a variety of forms: the device may be remotely turned off with no way to turn it on again at the device; or it may remain capable of being turned on, but the user may be unable to log-on to the network, make a phone call, etc. even if he/she uses a password that would ordinarily have granted such access to the capabilities of the device.
Such disabling does not help determine the location of the device or the identity of the unauthorized person in possession of the device if said location and/or identity are unknown. Nor does it help investigate the activities of a previously authorized user who is no longer trusted to have authorized access.
What is needed is a method and system for providing a honeypot mode of operation for an electronic device that is capable of communicating with an external device.