Evan Schuman's StorefrontBacktalk

You know that employees will search for a few minutes at least. Nobody wants to cry wolf—and generate a lot of help-desk and security paperwork—for a phone or tablet that was merely mislaid under a stack of loose papers.

Worse still, you know that when the device is found, everyone will assume there’s been no foul play. After all, the device is physically undamaged and it seems to work fine. And who wants a lot of paperwork to have equipment checked out when it was probably just lost for a few minutes?

That optimism is just human nature. (Well, human nature combined with a desire not to have lots of paperwork and a bad report in the employee’s file.) But it also means you could have an undetected loss of passwords—and a hacked iPhone or iPad that’s potentially being used to process payment cards or access your retail systems.

(While Apple’s iDevices have their security problems, there’s no guarantee that smartphones or tablets using other operating systems will be safer, according to the researchers. They just didn’t try their fast-break-in approach on any other devices.)

This is an obvious application for Apple’s recently patented technique for detecting phones that have been tampered with. Unfortunately, it’s not available yet. Meanwhile, those German researchers aren’t publishing exact how-to-do-it-yourself details of their exploit. But collecting the necessary software and duplicating their feat won’t be that difficult. The threat is real.

Fortunately, there are practical measures that help deal with the threat. You’re a retailer, which means you have antitheft technology. Cementing an unsightly security tag to the device makes it harder to sneak out of the store and less desirable to steal for resale.

Requiring that every device that goes missing, even briefly, be checked for tampering is a good idea. That shouldn’t require returning the device to the corporate office. The bad guys use scripts that can be run automatically to break into these devices; you should use scripts that can check for telltale signs of tampering.

An even better idea is to check all mobile devices for tampering each day, whether they’ve been reported missing or not. Checking those devices regularly also gives central IT the chance to do software updates and confirm what’s actively being used from each store’s device inventory. Daily is too often? Then make it weekly—but remember, you’re weakening your security, too.

There’s a side effect of implementing highly visible new security like antitheft tags and regular device inspections: Employees will notice and, for at least a little while, they’ll be more security conscious. That’s human nature, too—and those human associates are still the best way to keep mobile devices safe.