Feeds

Sensitive data easily swiped from eBayed mobiles

Smut, logins and bank card PINs - oh my!

High performance access to file storage

Second-hand mobile phones sold on by their owners often contain extensive personal and sensitive data that leave sellers open to identity theft and other privacy risks.

Pre-owned mobile phones and SIM cards purchased on eBay or from shops were checked using readily available equipment to see what personal information was left on the handsets. Around half the handsets and chips examined by ethical hacker Jason Hart still held sensitive information.

Hart was able to recover all sorts of interesting nuggets using a mobile phone SIM Reader (something that can be bought from most electric stores), SIM recovery software and forensic examination software.

A total of 247 pieces of data were recovered from a total 19 of the 35 mobile phones and 27 of the 50 SIM cards. Data left on these handsets and communication devices included many photos (including pornographic images), bank details, login details for social networking sites and PIN numbers as well as private texts and emails.

In a separate poll, most sellers (80 per cent) claimed they had wiped their mobiles before selling them, with six in ten stating they were confident that no personal data was left on devices subsequently offered up for sale.

CPP, which provides mobile phone insurance and paid for the research, said sellers of second hand kit need to be more careful they remove all their personal information before selling on their smartphones or handing them on as a gift to friends or family members.

Hart, senior VP of CRYPTOCard, the security firm CPP hired to take care of the science bit of the exercise, said users ought to destroy SIM cards before handing over smartphones.

"The safest way to remove all of your data from a mobile phone or SIM card is to totally destroy the SIM and double check to ensure that all content has been removed from your phone before disposal," Hart said.

Hart added that newer generations of smartphones tended to store vastly more information than older mobile phones, a factor sellers disregard at their peril.

"With new technology does come new risks and our experiment found that newer smartphones have more capabilities to store information and that information is much easier to recover than on traditional mobiles due to the increase of applications," Hart explained. ®

SANS - Survey on application security programs

More from The Register

next story
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
Broadband Secretary of SHEEP sensationally quits Cabinet
Maria Miller finally resigns over expenses row
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
EE dismisses DATA-BURNING glitch with Orange Mail app
Bug quietly slurps PAYG credit - yet EE denies it exists
Like Google, Comcast might roll its own mobile voice network
Says anything's possible if regulators approve merger with Time Warner
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
Facebook splats in-app chat, whacks brats into crack yakety-yak app
Jibber-jabbering addicts turfed out just as Zuck warned
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.