Half of Used Phones Still Contain Personal Info

jhernik writes "More than half of second-hand mobile phones still contain personal information of the previous owner, posing a risk of identity fraud. A study found 247 pieces of personal data stored on handsets and SIM cards purchased from eBay and second-hand electronics shops. The information ranged from credit card numbers to bank account details, photographs, email address and login details to social networking sites like Facebook and Twitter. According to data security firm CPP, 81 percent of previous owners claim they have wiped personal data from their mobile phones and SIM cards before selling them. However, deleting the information manually is 'a process that security experts acknowledge leaves the data intact and retrievable.'"

Re:manufactuers and telcos fault again

[Ritchie70]

It would not shock me if Microsoft took security more seriously than Apple.

Microsoft products are the target of more attacks.

Microsoft has more business customers.

I just got a new phone and have no idea if I successfully deleted everything from my old phone. It seems clean, but maybe I should just take it apart into little pieces and be done with it. I usually leave old phones in the donation bin at work, though.

Wiping should not be needed

[mmcuh]

The main problem here isn't that people aren't deleting their data, it's that phones don't come with block-level or at least filesystem-level encryption for all data by default. If you're marketing something to everyone, including the idiots, you should make it idiot-proof.

Re:Wiping should not be needed

> Encryption is only effective if you require the user to enter a pass phrase every time he needs access.

That's not how you would use encryption here.

You would encrypt most of the desk with a randomly-generated key stored in the unencrypted part.
When the user of the phone then selects "Delete Everything!", you generate a new key and overwrite
the old. That really will get rid of the old data.