Factory settings FAIL: Data easily recovered from eBayed smartphones, disks
Gotta hand it to Apple and that encryption key, it really works
Data recovery experts have found a raft of personal information on used hard drives and mobile phones purchased from Amazon, eBay and Gazelle in the UK, US and Germany.
The research, by Blancco Technology Group and Kroll Ontrack, once again shows that failure to erase data from discarded devices continues to be a problem, years after the issue first surfaced.
Residual data was recovered from 35 per cent of the mobile phones analysed. This information included 2,153 emails and 10,838 texts. More than half of the devices from which data was recovered were kit where the user had attempted to delete it, normally via a restoration of factory settings.
As most Reg readers will know, this process does not actually overwrite or delete data; it simply restores kit to its original state, meaning the information is still readily recoverable by those with access to specialised software.
Some devices contained enough data to easily identify the original owner. Interestingly, no residual data was found on any of the Apple iOS devices analysed.
Paul Henry, IT Security Consultant for the Blancco Technology Group, explained that the latter was down to features in Apple’s mobile technology, rather than fanbois' enhanced privacy savvy.
“Apple devices use encrypted storage so deletion of the encryption key makes recovery impossible,” Henry explained. “But Android devices, on the other hand, do not use this method and rely upon a user overwriting data to erase it and prevent it from being recoverable.”
Users generally default to “factory reset, regardless of their device’s operating system, manufacturer and model”, he said. Data erasure failures and consumer kit issues first surfaced in the PC world years ago* and seemingly remain a problem even today.
Blancco/Kroll purchased a set of hard drives, and found that 75 per cent showed that a deletion attempt was made. One in four were resold without any deletion method applied. Files were successfully recovered from almost half (48 per cent) of the hard drives analysed.
Only six per cent of the hard disk and solid state drives analysed were erased using the random overwrite method deployed by erasure software. This method proved completely effective in preventing data recovery from these drives.
Simply reformatting drives is not enough because data can be recovered in such cases by anyone with the right technical skills, given a bit of time and effort.
In total 122 devices were analysed, 102 hard drives and 20 mobile devices, which included both smartphones and tablets.
“Whether you’re an individual, a business or a government/state agency, failing to wipe information properly can have serious consequences,” Blancco’s Henry added.
“One of the more glaring discoveries from our study is that most people attempt in some way or another to delete their data from electronic equipment. But while those deletion methods are common and seem reliable, they aren’t always effective at removing data permanently and they don’t comply with regulatory standards,” he concluded.®
* Data erasure oversights have been an issue for 15 years, if not before. For example, way back in 2000 an obsolete PC sold on by Morgan Grenfell Asset Management was found to contain files relating to Sir Paul McCartney's private cash dealings, as El Reg reported at the time.