Feeds

That 'wiped' Android phone you bought is stuffed with NAKED SELFIES – possibly

Infosec bods sound alarm after copping eyefuls of nudie pics

Choosing a cloud hosting partner with confidence

It's hard being a security researcher. Several of them just had to view thousands of nude selfies pulled from second-hand phones and tablets for a campaign warning people who sell old devices.

The beleaguered infosec bods saw 750 photos of naked women and 250 images of manhood from a pool of 40,000 photos still stored on a mere 20 second-hand Android devices. A factory reset of the gadgets is not enough to securely remove files, the researchers have suggested: the sensitive data has to be overwritten.

Leaving personal information lingering in the flash memory could lead to more than mere embarrassment for victims, if buyers combined location coordinates from photographs' EXIF data and Facebook profile debris that allowed stalkers and perverts to zero-in on selfie stars.

Worse, the thousand Google searches and scattering of job applications also uncovered could facilitate targeted attacks and financial fraud.

"Put all of these pieces together to complete the puzzle and you have a clear picture of who the former smart phone owner was," Avast mobile president John McColgan said.

"Stalkers, enemies, and thieves can abuse personal data to stalk, blackmail and steal people’s identities. They can use this information to watch people’s every move, exploit their strange fetishes, open credit cards in their name, or even continue what they started by further selling their personal information online."

The amount of stored flesh hocked on eBay and co could boggle the mind; Avast said a whopping 80,000 devices were flogged online every day.

McColgan said data needed to be overwritten and deleted before devices were sold in order to prevent forensic recovery, and promoted its free Android anti-theft tool as a solution.

Avast wasn't the first to buy second hand devices to probe for personal data. In 2012 McAfee bought 30 devices on which it found banking details, social media and email logins and photos. A year earlier, Sophos snapped up a bag of lost USBs flogged at an auction run by Sydney's train transport service.

This author has previously found personal data on second-hand devices purchased online. One punter was so casual when selling an iPad they did not even turn off the device, let alone wipe photos and emails stored within. ®

Internet Security Threat Report 2014

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
Carders punch holes through Staples
Investigation launched into East Coast stores
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.