Feeds

That 'wiped' Android phone you bought is stuffed with NAKED SELFIES – possibly

Infosec bods sound alarm after copping eyefuls of nudie pics

Protecting against web application threats using SSL

It's hard being a security researcher. Several of them just had to view thousands of nude selfies pulled from second-hand phones and tablets for a campaign warning people who sell old devices.

The beleaguered infosec bods saw 750 photos of naked women and 250 images of manhood from a pool of 40,000 photos still stored on a mere 20 second-hand Android devices. A factory reset of the gadgets is not enough to securely remove files, the researchers have suggested: the sensitive data has to be overwritten.

Leaving personal information lingering in the flash memory could lead to more than mere embarrassment for victims, if buyers combined location coordinates from photographs' EXIF data and Facebook profile debris that allowed stalkers and perverts to zero-in on selfie stars.

Worse, the thousand Google searches and scattering of job applications also uncovered could facilitate targeted attacks and financial fraud.

"Put all of these pieces together to complete the puzzle and you have a clear picture of who the former smart phone owner was," Avast mobile president John McColgan said.

"Stalkers, enemies, and thieves can abuse personal data to stalk, blackmail and steal people’s identities. They can use this information to watch people’s every move, exploit their strange fetishes, open credit cards in their name, or even continue what they started by further selling their personal information online."

The amount of stored flesh hocked on eBay and co could boggle the mind; Avast said a whopping 80,000 devices were flogged online every day.

McColgan said data needed to be overwritten and deleted before devices were sold in order to prevent forensic recovery, and promoted its free Android anti-theft tool as a solution.

Avast wasn't the first to buy second hand devices to probe for personal data. In 2012 McAfee bought 30 devices on which it found banking details, social media and email logins and photos. A year earlier, Sophos snapped up a bag of lost USBs flogged at an auction run by Sydney's train transport service.

This author has previously found personal data on second-hand devices purchased online. One punter was so casual when selling an iPad they did not even turn off the device, let alone wipe photos and emails stored within. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.