Feeds

Giving your old Tesco Hudl to Auntie June? READ THIS FIRST

You can never wipe supermarket slab clean enough

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

UK supermarket Tesco’s Hudl tablet will offer up data from past users – even if it’s been factory reset.

The Register spoke to Ken Munro from security firm Pen Test Partners, who said he'd bought 17 Hudls and AllWinner tablets from eBay and found that not only does the reset process not wipe all the data, it’s possible to retrieve account details and login information.

Monro told El Reg: "The factory data reset doesn’t appear to zero all sectors on the disc; it’s simply too quick a reset process to do so."

He went on to confirm the suspicions: "So then we bought a few Tesco refurbished Hudls from the Tesco Outlet Store on eBay. Whilst two of them had been correctly zeroed using a wiping product, one was not. From this we recovered some of the previous owners personal data, again including social media and mail profiles."

He does, however, suspect this might be a one-off as Tesco has told him it does use erasing software, and it looked as though a partial wipe had been attempted.

Google’s advice is to run encryption software before resetting but Munro points out that this doesn’t work with Android 4.2.2 (Jellybean), which runs on the Hudl. There's no option in the menus and Munro points to the Rockchip CPU which powers the Hudl as that doesn't handle encryption of the user data partition.

One area which particularly worries Munro is that tablets are often put on eBay with broken screens and that these will not have been wiped at all. He points out that cheap tablets are often bought for children and by selling on a tablet which has the child’s social network data, the parent might be unwittingly aiding a stalker who could use the identity of the child to stalk other children.

Munro's fears go beyond that: "It also helps the stalker avoid a police sting – a copper would not be using a cheap tablet to sting a stalker with! They would be using a carefully managed and secured PC in a police building somewhere."

Munro is now working with Tesco, but the general advice is to use a third party tool to wipe any device before sale. ®

Beginner's guide to SSL certificates

More from The Register

next story
Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
The Fourth Amendment... and it IS better
Don't wait for that big iPad, order a NEXUS 9 instead, industry little bird says
Google said to debut next big slab, Android L ahead of Apple event
Microsoft to enter the STRUGGLE of the HUMAN WRIST
It's not just a thumb war, it's total digit war
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
A drone of one's own: Reg buyers' guide for UAV fanciers
Hardware: Check. Software: Huh? Licence: Licence...?
The Apple launch AS IT HAPPENED: Totally SERIOUS coverage, not for haters
Fandroids, Windows Phone fringe-oids – you wouldn't understand
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.