Slashdot Mirror

← Back to Stories (view on slashdot.org)

Half of Used Phones Still Contain Personal Info

Posted by samzenpus on from the what-do-we-have-here dept.

jhernik writes "More than half of second-hand mobile phones still contain personal information of the previous owner, posing a risk of identity fraud. A study found 247 pieces of personal data stored on handsets and SIM cards purchased from eBay and second-hand electronics shops. The information ranged from credit card numbers to bank account details, photographs, email address and login details to social networking sites like Facebook and Twitter. According to data security firm CPP, 81 percent of previous owners claim they have wiped personal data from their mobile phones and SIM cards before selling them. However, deleting the information manually is 'a process that security experts acknowledge leaves the data intact and retrievable.'"

13 of 83 comments (clear)

  1. Re:manufactuers and telcos fault again by Ritchie70 · · Score: 3, Insightful

    It would not shock me if Microsoft took security more seriously than Apple.

    Microsoft products are the target of more attacks.

    Microsoft has more business customers.

    I just got a new phone and have no idea if I successfully deleted everything from my old phone. It seems clean, but maybe I should just take it apart into little pieces and be done with it. I usually leave old phones in the donation bin at work, though.

    --
    The preferred solution is to not have a problem.
  2. Re:manufactuers and telcos fault again by Amarantine · · Score: 2

    Yes. Apple makes computers for people who don't understand anything about computers. Microsoft makes computers for professionals.

    Didn't know that Microsoft makes computers. But you are aware that most people who don't understand computers, use Windows, right? "Oh, perhaps the printer didn't hear me. I'll just hit the print button again."

  3. So.... by zach_the_lizard · · Score: 2

    So, anyone got a phone I can have? I promise to whipe it

    --
    SSC
  4. Wiping should not be needed by mmcuh · · Score: 5, Insightful

    The main problem here isn't that people aren't deleting their data, it's that phones don't come with block-level or at least filesystem-level encryption for all data by default. If you're marketing something to everyone, including the idiots, you should make it idiot-proof.

    1. Re:Wiping should not be needed by Anonymous Coward · · Score: 2, Insightful

      If you're marketing something to everyone, including the idiots, you should make it idiot-proof.

      If you make something idiot-proof, the world will make a better idiot.

    2. Re:Wiping should not be needed by Anonymous Coward · · Score: 3, Insightful

      > Encryption is only effective if you require the user to enter a pass phrase every time he needs access.

      That's not how you would use encryption here.

      You would encrypt most of the desk with a randomly-generated key stored in the unencrypted part.
      When the user of the phone then selects "Delete Everything!", you generate a new key and overwrite
      the old. That really will get rid of the old data.

  5. mandatory wipe option by mango9 · · Score: 2

    How about a fairly accessible mandatory wipe option being required in new models? Might require SIM to be taken out first. Not too hard surely. Probably easier to do in Europe though ... cell phone companies would need pushing.

  6. Restore factory settings is not easy by joeflies · · Score: 2

    When you look at most phones (especially the pre-smart phone units), there are not easy ways to wipe it back to factory settings. There's no easy way to check if "wipe factory settings" really deleted the data or just removed pointers to the data. There is no sim to pull. And thus, there's no obvious way for the average consumer to dispose of their personal information other than to destroy the phone itself.

  7. Re:manufactuers and telcos fault again by guruevi · · Score: 2

    Maybe they should do like the iPhone then. Encrypt everything by default and when you're done with it it erases the private key - all data unreadable in under a second. I don't know where GP comes from that Apple can't but Apple is the ONLY device besides the newer Androids and some old BB's that has it and does it reliably/remotely. Many businesses actually choose iPhone over other devices (even Windows) because of the Enterprise features.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  8. My CAR contains personal info! by Anonymous Coward · · Score: 2, Interesting

    I bought my latest (used) car just over a year ago. It has a bluetooth handsfree system built in.

    Imagine my surprise when I tried to call home one day to find that i was hearing a stranger's voice on the answering machine! Apparently the previous owner programmed her "Home" number into the car itself rather than accessing the address book from her device.

    I still have not figured out how to delete the entry!

  9. I Have To Join In by Anonymous Coward · · Score: 2, Insightful

    ...With the chorus of responses above. Every time I get a new phone I have to go through a goddamn voodoo ritual of clicking around on Google for a couple of hours trying to figure out where the phone manufacturer and/or the original carrier of the phone decided to hide, password protect, lock out, or otherwise attempt to obscure the method for doing a "master reset" or full wipe of the phone's data. I think in the USA this problem is compounded by the ubiquity of contract phones -- non-nerds can basically only buy a cell phone from a service provided, tied to that service provider in this country -- and it's common practice for cell carriers to lock out, password, and hide features of their phones in their BS custom firmware (Which also probably locks you out of firmware updates from the manufacturer, at least on basic "dumb" phones. Oh, and it has a thirty-second slideshow animation complete with irritating jingle and the carrier's logo that plays when you power on and off, which can't be silenced or skipped.). Apparently they do this to force users to buy games and ringtones through them at exorbitant cost instead of just hooking up a USB cable and copying some MP3's/Java Apps from their PC, but this causes other problems like tucking the Master Reset option in a damn maintenance menu that's locked with a password that only the cell phone company is supposed to know. And sometimes they do other fun things like disabling Bluetooth file transfer, disabling tethering, disabling local video playback, etc., etc.

    This is a practice that needs to stop. This article is just another example of why.

  10. Re:manufactuers and telcos fault again by mlts · · Score: 2

    iPhones, especially the iPhone 4, have a decent erase mechanism which allows for a secure method of zeroing it out. When the device is told to erase itself, it just zeroes out the master key and replaces it with another from a cryptographically secure RNG. This is a quick, but secure way of ensuring that the data on the device is rendered inaccessible.

    Just to be safe, if I were packaging an iPhone up for resale, after doing an erase from the Settings menu, I would do a DFU restore of the firmware as well, especially if the device was jailbroken before.

  11. Wipe The Device! by Lieutenant_Dan · · Score: 2

    Some manufacturers have some key combinations to erase the device. Sometimes the manuals actually the steps required.

    Not affiliated, but these guys have a db of the commands:
    http://www.recellular.com/recycling/data_eraser/default.asp

    --
    Wearing pants should always be optional.