Feeds

Sensitive data easily swiped from eBayed mobiles

Smut, logins and bank card PINs - oh my!

High performance access to file storage

Second-hand mobile phones sold on by their owners often contain extensive personal and sensitive data that leave sellers open to identity theft and other privacy risks.

Pre-owned mobile phones and SIM cards purchased on eBay or from shops were checked using readily available equipment to see what personal information was left on the handsets. Around half the handsets and chips examined by ethical hacker Jason Hart still held sensitive information.

Hart was able to recover all sorts of interesting nuggets using a mobile phone SIM Reader (something that can be bought from most electric stores), SIM recovery software and forensic examination software.

A total of 247 pieces of data were recovered from a total 19 of the 35 mobile phones and 27 of the 50 SIM cards. Data left on these handsets and communication devices included many photos (including pornographic images), bank details, login details for social networking sites and PIN numbers as well as private texts and emails.

In a separate poll, most sellers (80 per cent) claimed they had wiped their mobiles before selling them, with six in ten stating they were confident that no personal data was left on devices subsequently offered up for sale.

CPP, which provides mobile phone insurance and paid for the research, said sellers of second hand kit need to be more careful they remove all their personal information before selling on their smartphones or handing them on as a gift to friends or family members.

Hart, senior VP of CRYPTOCard, the security firm CPP hired to take care of the science bit of the exercise, said users ought to destroy SIM cards before handing over smartphones.

"The safest way to remove all of your data from a mobile phone or SIM card is to totally destroy the SIM and double check to ensure that all content has been removed from your phone before disposal," Hart said.

Hart added that newer generations of smartphones tended to store vastly more information than older mobile phones, a factor sellers disregard at their peril.

"With new technology does come new risks and our experiment found that newer smartphones have more capabilities to store information and that information is much easier to recover than on traditional mobiles due to the increase of applications," Hart explained. ®

High performance access to file storage

More from The Register

next story
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
Broadband Secretary of SHEEP sensationally quits Cabinet
Maria Miller finally resigns over expenses row
Skype pimps pro-level broadcast service
Playing Cat and Mouse with the media
Beat it, freetards! Dyn to shut down no-cost dynamic DNS next month
... but don't worry, charter members, you're still in 'for life'
Like Google, Comcast might roll its own mobile voice network
Says anything's possible if regulators approve merger with Time Warner
EE dismisses DATA-BURNING glitch with Orange Mail app
Bug quietly slurps PAYG credit - yet EE denies it exists
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.