Sensitive data easily swiped from eBayed mobiles
Smut, logins and bank card PINs - oh my!
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Second-hand mobile phones sold on by their owners often contain extensive personal and sensitive data that leave sellers open to identity theft and other privacy risks.
Pre-owned mobile phones and SIM cards purchased on eBay or from shops were checked using readily available equipment to see what personal information was left on the handsets. Around half the handsets and chips examined by ethical hacker Jason Hart still held sensitive information.
Hart was able to recover all sorts of interesting nuggets using a mobile phone SIM Reader (something that can be bought from most electric stores), SIM recovery software and forensic examination software.
A total of 247 pieces of data were recovered from a total 19 of the 35 mobile phones and 27 of the 50 SIM cards. Data left on these handsets and communication devices included many photos (including pornographic images), bank details, login details for social networking sites and PIN numbers as well as private texts and emails.
In a separate poll, most sellers (80 per cent) claimed they had wiped their mobiles before selling them, with six in ten stating they were confident that no personal data was left on devices subsequently offered up for sale.
CPP, which provides mobile phone insurance and paid for the research, said sellers of second hand kit need to be more careful they remove all their personal information before selling on their smartphones or handing them on as a gift to friends or family members.
Hart, senior VP of CRYPTOCard, the security firm CPP hired to take care of the science bit of the exercise, said users ought to destroy SIM cards before handing over smartphones.
"The safest way to remove all of your data from a mobile phone or SIM card is to totally destroy the SIM and double check to ensure that all content has been removed from your phone before disposal," Hart said.
Hart added that newer generations of smartphones tended to store vastly more information than older mobile phones, a factor sellers disregard at their peril.
"With new technology does come new risks and our experiment found that newer smartphones have more capabilities to store information and that information is much easier to recover than on traditional mobiles due to the increase of applications," Hart explained. ®
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
COMMENTS
Not just ebay...
I recently purchased an HTC phone from a UK retailer. The box was sealed, and all looked good.
The phone looked brand new and worked perfectly.
Being the techie that I am, the first thing I did was install a file manager and start poking about. On the SD card I found some temporary files, thumbnails of websites (used by the browser when bookmarks were viewed in tile mode) and some of the sites were ones I hadn't ever been to. It also included a thumbnail of somebody else's facebook page!
More digging ensued (still not having to resort of data recovery tools, just browsing directories), and I soon found two receipts in PDF files which had been downloaded as email attachments which included an email address. So I emailed him.
Turns out my "New" phone had been pre-loved for a few days by someone else who had returned it under the UK distance selling regulations.
Although I am perfectly happy with the phone and quite happy to keep it, I do feel that if I pay for a new phone I expect a new phone. Car dealer ships sell "demonstrators" at a discount after all.
I'm sure the distance selling regulation have hugely increased this kind of occurrence, but they would have got away with it if they had a vague clue about the products they were selling.
Note: Android's "factory reset" / "wipe user data" does not clear the SD card.
I will be contacting the company concerned very shortly.
and MS gets richer
whether you use DBAN or buy a new HD, an new OS licence is needed since of course a recovery CD/DVD is seldom provided, and most likely MS will increase even more its licence to computer ratio. Thiefs.
Used!
"I've searched but been unable to find a legal definition of when a consumer good changes from 'new' to 'used',"
That phone is used. Honest dealers will usually sell that sort of thing as as "returns", "refurbished" or "B Grade". Also under the sale of goods act I'm pretty sure that particular phone was not "as described" if it was clearly described as a new phone.
You don't strictly need a legal definition of the word used, or indeed pre-owned or second user. They are pretty self explanatory in and of themselves. "Used" - somebody has used it. "Pre-Owned" - somebody else owned it before you. "Second User" - you are the second user of the phone. All of them would be taken to mean second hand and I'm pretty sure a court of law would agree.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
Data control in the cloud
