Feeds

That 'wiped' Android phone you bought is stuffed with NAKED SELFIES – possibly

Infosec bods sound alarm after copping eyefuls of nudie pics

Security for virtualized datacentres

It's hard being a security researcher. Several of them just had to view thousands of nude selfies pulled from second-hand phones and tablets for a campaign warning people who sell old devices.

The beleaguered infosec bods saw 750 photos of naked women and 250 images of manhood from a pool of 40,000 photos still stored on a mere 20 second-hand Android devices. A factory reset of the gadgets is not enough to securely remove files, the researchers have suggested: the sensitive data has to be overwritten.

Leaving personal information lingering in the flash memory could lead to more than mere embarrassment for victims, if buyers combined location coordinates from photographs' EXIF data and Facebook profile debris that allowed stalkers and perverts to zero-in on selfie stars.

Worse, the thousand Google searches and scattering of job applications also uncovered could facilitate targeted attacks and financial fraud.

"Put all of these pieces together to complete the puzzle and you have a clear picture of who the former smart phone owner was," Avast mobile president John McColgan said.

"Stalkers, enemies, and thieves can abuse personal data to stalk, blackmail and steal people’s identities. They can use this information to watch people’s every move, exploit their strange fetishes, open credit cards in their name, or even continue what they started by further selling their personal information online."

The amount of stored flesh hocked on eBay and co could boggle the mind; Avast said a whopping 80,000 devices were flogged online every day.

McColgan said data needed to be overwritten and deleted before devices were sold in order to prevent forensic recovery, and promoted its free Android anti-theft tool as a solution.

Avast wasn't the first to buy second hand devices to probe for personal data. In 2012 McAfee bought 30 devices on which it found banking details, social media and email logins and photos. A year earlier, Sophos snapped up a bag of lost USBs flogged at an auction run by Sydney's train transport service.

This author has previously found personal data on second-hand devices purchased online. One punter was so casual when selling an iPad they did not even turn off the device, let alone wipe photos and emails stored within. ®

Beginner's guide to SSL certificates

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.