Wealth of Personal Data Found On Used Electronics Purchased Online

← Back to Stories (view on slashdot.org)

Wealth of Personal Data Found On Used Electronics Purchased Online

Posted by samzenpus on Wednesday October 7, 2015 @10:13AM from the left-behind dept.

An anonymous reader writes: After examining 122 used mobile devices, hard disk drives and solid state drives purchased online, Blancco Technology Group and Kroll Ontrack found 48% contained residual data. In addition, 35% of mobile devices contained emails, texts/SMS/IMs, and videos. From the article: "Upon closer examination, Blancco Technology Group and Kroll Ontrack discovered that a deletion attempt had been made on 57 percent of the mobile devices and 75 percent of the drives that contained residual data. Even more compelling was the discovery that those deletion attempts had been unsuccessful due to common, but unreliable methods used, leaving sensitive information exposed and potentially accessible to cyber criminals. The residual data left on two of the second-hand mobile devices were significant enough to discern the original users' identities. Whether it's a person's emails containing their contact information or media files involving a company's intellectual property, lingering data can have serious consequences."

50 of 70 comments (clear)

Min score:

Reason:

Sort:

this is why by ganjadude · 2015-10-07 10:18 · Score: 2

this is why when i sell my old electronics, the drive comes out

--
have you seen my sig? there are many others like it but none that are the same
1. Re: this is why by Anonymous Coward · 2015-10-07 10:21 · Score: 1
  
  This is why when I buy old electronics the hard drive comes out...
  and onto a usb-sata adapter to have a nose. If you think you're gonna find nudes you're right - I have so many dick pics it's crazy.
2. Re:this is why by Anonymous Coward · 2015-10-07 10:49 · Score: 1
  
  I'm dying to know how you pull out the disk of your smartphone (without killing it, that is).
3. Re: this is why by willworkforbeer · 2015-10-07 10:51 · Score: 1
  
  I have so many dick pics it's crazy.
  Um... oookay. "Had" might have been a better choice of words.
  
  --
  Pretending this is my office full of bitter coworkers..
4. Re:this is why by ganjadude · 2015-10-07 11:02 · Score: 1
  
  my smart phones become backups, then the backup gets trashed when the new backup comes. those devices I dont sell
  
  --
  have you seen my sig? there are many others like it but none that are the same
5. Re:this is why by mlts · 2015-10-07 14:13 · Score: 2
  
  I take an easier approach. If I'm selling something I'll replace the drive.
  However, for a machine I'm giving to a friend or family member, what I wind up doing is just a format command, then a pass with cipher /w (assuming Windows.) Since all my volumes are BitLocker protected, a format command overwrites the areas on the hard drive with the volume master key multiple times. Even with the right BitLocker password or recovery key protector, the data is gone, since the master key cannot be retrieved. The cipher /w just does a simple three pass (zeroes, ones, random numbers), which is good enough for almost anything.
  SSDs are even easier. A format command zaps the keys, then I boot a Linux live CD, run hdparam to do a secure erase, or at the minimum, a blkdiscard on the entire drive, and call it done. The secure erase or the TRIM command ensures that all data on the drive is zeroed (or at least reported to the reading OS as zeroed), so there is almost no chance of recovery whatsoever. If by chance some data is recovered, it will just be encrypted stuff. If I wanted to, I could run an erase pass on the entire drive, but why shorten the drive's life when the secure erase or TRIM has pretty much ensured the drive will be clean.
6. Re:this is why by antdude · 2015-10-07 15:00 · Score: 1
  
  How with mobile devices? What about warranties when the company want them back to RMA?
  
  --
  Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
7. Re:this is why by Gaygirlie · 2015-10-07 16:45 · Score: 2
  
  However, for a machine I'm giving to a friend or family member, what I wind up doing is just a format command, then a pass with cipher /w (assuming Windows.) Since all my volumes are BitLocker protected, a format command overwrites the areas on the hard drive with the volume master key multiple times. Even with the right BitLocker password or recovery key protector, the data is gone, since the master key cannot be retrieved. The cipher /w just does a simple three pass (zeroes, ones, random numbers), which is good enough for almost anything.
  Why? What's the point? Self-entitled "nerds" here keep perpetuating the same old myths that you need to wipe and wipe and wipe and wipe a billion times for the data to be completely inaccessible and are just making themselves look just as ignorant as the people they berate themselves.There is plenty of research on this topic and I wish people would just finally learn something and stop spreading some god damn myths.
  The purpose of this paper was a categorical settlement to the controversy surrounding the misconceptions involving the belief that data can be recovered following a wipe procedure. This study has demonstrated that correctly wiped data cannot reasonably retrieved even if it of a small size or found only over small parts of the hard drive. Not even with the use of a MFM or other known methods. The belief that a tool can be developed to retrieve gigabytes or terabytes of data of information from a wiped drive is in error.
  Although there is a good chance of recovery for any individual bit from a drive, the chance of recovery of any amount of data from a drive using an electron microscope are negligible. Even speculating on the possible recovery of an old drive, there is no likelihood that any data would be recoverable from the drive. The forensic recovery of data using electron microscopy is infeasible. This was true both on old drives and has become more difficult over tine. Further, there is a need for the data to have been written and then wiped on a raw unused drive for there to be any hopy of any level of recovery even at the bit level, which does not reflect real situations. It is unlikely that a recovered drive will have not been used for a period of time and the interaction of defragmentation, file copies and general use that overwrites data areas negates any chance of data recovery. The fallacy that data can be forensically recovered using an electron microscope or related means needs to be put to rest. -- https://www.google.com/search?...
  Studies have shown that most of today’s media can be effectively cleared by one overwrite.
  Purging information is a media sanitization process that protects the confidentiality of information against a laboratory attack. For some media, clearing media would not suffice for purging. However, for ATA disk drives manufactured after 2001 (over 15 GB) the terms clearing and purging have converged. -- http://csrc.nist.gov/publicati...
  For the purposes of clarity, this will be repeated: If every single sector of a modern hard drive is overwritten, then NO DATA can be recovered, and especially not by the police. In fact companies such as Ontrack, who spend millions of dollars on research into data recovery are not able to do this. This wiping does not need to be done 33, 12, or even 3 times. Just once. -- https://whereismydata.wordpres...
  These things go on forever if one just bothers to Google a bit, I could keep linking and quoting stuff for several books' worth.
8. Re: this is why by Anonymous Coward · 2015-10-07 22:37 · Score: 1
  
  Because wiping it doesn't always work, especiallyusing the on board methods in a phone.
9. Re:this is why by CimmerianX · 2015-10-08 01:50 · Score: 1
  
  Boot n' Nuke CD, 1 pass. That's all it takes to keep 99.99% of the would be thieves at bay. 7 pass DoD is way overkill.
10. Re:this is why by michrech · 2015-10-08 02:33 · Score: 1
  
  For me it's DBAN with "autonuke"...
  
  --
  bork bork bork!
11. Re:this is why by tlhIngan · 2015-10-08 03:59 · Score: 1
  
  How with mobile devices? What about warranties when the company want them back to RMA?
  Don't mobile devices have a clear and delete everything that works?
  I know iOS does - since iOS 3. On iPhone 3GS and higher, what it does is it deletes the flash storage key and regenerates a new one (which is why the older ones needed a OS reload - it wiped the OS as well). On older iPhones, it physically erased the storage because the stores are unencrypted. Which is why on those phones it took hours to run, while on the new ones, it takes mere seconds.
  As for RMA - that's where you have to decide - is your data more important than the drive? You have to realize a 2TB drive is well under $100 new these days, so if your data is worth more than $100 if it got out, you probably are better off not returning it and just buying a new one.
  Our IT guy has decided that 2TB drives are not worth his time to RMA - they're cheap, and return shipping covers a good portion of the cost of a new drive, so it's pointless.
and not just YOUR devices by turkeydance · 2015-10-07 10:23 · Score: 4, Informative

a local University 'surplused' some used copiers, and found out the hard way that the hard-drives kept copies of all copies.
1. Re:and not just YOUR devices by PopeRatzo · 2015-10-07 10:58 · Score: 5, Funny
  
  a local University 'surplused' some used copiers, and found out the hard way that the hard-drives kept copies of all copies.
  They also found out that 27% of all copies made were of someone's ass.
  
  --
  You are welcome on my lawn.
2. Re:and not just YOUR devices by Anonymous Coward · 2015-10-07 11:18 · Score: 1
  
  Photocopiers would have to be the worst offenders. Seriously, I'm no hacker, but most of time these things seem to keep a store of whatever has been printed, photocopied and scanned *visible* by default. A few clicks and you can find it and reprint it: no passwords, nothing. Maybe there's a setting to turn of this default stupidity, but usually these are work machines set up by a secretary or someone similar, so there's almost zero chance of the defaults being changed.
  Now I'm mildly paranoid so I manually delete stuff I consider important from the queue (except, of course, when I forget), but given the generally hopeless default settings it seems entirely reasonable to assume the files are still on the drive after "deletion", and expecting that they will get overwritten prior to any actual removal (if it happens) for security seems hopelessly optimistic - so it seems reasonable to assume recovery of said files would be trivial 9 times out of 10.
Okay, seriously.... by JustAnotherOldGuy · 2015-10-07 10:26 · Score: 2

Really, does this surprise anybody?
Headline should read, "Most People Too Stupid To Wipe Electronic Devices Before Selling Them", and it should be from the Really really shocking news dept"

--
Just cruising through this digital world at 33 1/3 rpm...
1. Re:Okay, seriously.... by fightinfilipino · 2015-10-07 10:30 · Score: 4, Insightful
  
  Really, does this surprise anybody?
  Headline should read, "Most People Too Stupid To Wipe Electronic Devices Before Selling Them", and it should be from the Really really shocking news dept"
  in those people's defense, it is difficult to completely wipe mobile devices. using the device's own wipe/format tools does not guarantee the device does not have residual data. it's easier to wipe a hard disk on a PC (using DBAN or similar), but mobile devices are not as easy to format and clean.
2. Re:Okay, seriously.... by Narcocide · 2015-10-07 10:34 · Score: 1
  
  Here is what you do with those mobile devices.
3. Re:Okay, seriously.... by bobbied · 2015-10-07 10:53 · Score: 2
  
  Really, does this surprise anybody?
  I'm not surprised in the least. It's hard for folks who barely know how to plug something in and turn it on to comprehend how dangerous the information on that hard drive really is, even if you have deleted all the files you think are important. How many people know (or would care if they did) how the file system on their laptop actually works, that deleted files are NOT gone yet, or that cluster tips and system save/restore and crash dumps can carry a wealth of information even if you have run a multi-pass overwrite program? Very few.
  Well, if there is anything good to come from the Hillary E-mail server thing is perhaps the common man will start to realize that they need to be careful to "wipe" (and not just with a cloth) their electronics clean, and deleting something doesn't mean it's gone, only that it's not as easy to find. Heaven help us when folks start to realize that "the cloud" only makes this whole data security thing that much harder, because now you cannot even physically disassemble the device and erase your data that way...
  
  --
  "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
4. Re:Okay, seriously.... by fightinfilipino · 2015-10-07 11:11 · Score: 1
  
  Here is what you do with those mobile devices.
  i mean, that is the fun way to data privacy, but i'd also want to avoid the carcinogenic fumes :)
5. Re:Okay, seriously.... by JustAnotherOldGuy · 2015-10-07 11:20 · Score: 1
  
  that deleted files are NOT gone yet, or that cluster tips and system save/restore and crash dumps can carry a wealth of information even if you have run a multi-pass overwrite program? Very few.
  And this is why when I'm decommissioning a PC, the hard drive is removed, taken to the range, and literally shot to pieces.
  If inclement weather doesn't permit the "range erase" option, a hammer and chisel plus a band-saw do a pretty good job.
  Either way, it's destroyed beyond any hope of recovery. I suspect even a highly-advanced alien race would be hard-pressed to reconstruct it far enough to get anything useful off of it.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
6. Re:Okay, seriously.... by bobbied · 2015-10-07 11:51 · Score: 2
  
  You mean you don't take the time to dissemble the drive, remove the platters and dissolve the magnetic coating in acid? You poor soul.... Personally, I'm content to erase the drive by doing a low level format, but hey, I love to live dangerously given that this won't touch any "bad blocks" replaced by the drive controller....
  
  --
  "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
7. Re:Okay, seriously.... by JustAnotherOldGuy · 2015-10-07 12:09 · Score: 2
  
  You mean you don't take the time to dissemble the drive, remove the platters and dissolve the magnetic coating in acid?
  
  I used to scrape the magnetic coating off with my teeth but then knives and forks started sticking to my teeth. So embarrassing.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
8. Re:Okay, seriously.... by CanadianMacFan · 2015-10-07 12:13 · Score: 1
  
  Not really considering that this type of article comes out at least once a year.
9. Re:Okay, seriously.... by YrWrstNtmr · 2015-10-07 12:26 · Score: 1
  
  And this is why when I'm decommissioning a PC, the hard drive is removed, taken to the range, and literally shot to pieces.
  
  Heathen. You don't recover the fridge magnets?
10. Re:Okay, seriously.... by Lumpy · 2015-10-07 12:52 · Score: 1
  
  Actually "most people are too stupid" is a proper headline. and it's the truth. the average person is dumb as a box of rocks when it comes to ANY technology. and it's because they dont want to bother learning.
  Lazy is the new in thing.
  
  --
  Do not look at laser with remaining good eye.
11. Re:Okay, seriously.... by antdude · 2015-10-07 14:55 · Score: 1
  
  Especially when they are broken. :(
  
  --
  Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
12. Re:Okay, seriously.... by peon_a-z,A-Z,0-9$_+! · 2015-10-07 16:11 · Score: 1
  
  Technically you fall in this "stupid" category, as just wiping alone is not sufficient to prevent recovery.
13. Re:Okay, seriously.... by Bob+the+Super+Hamste · 2015-10-08 00:44 · Score: 1
  
  You mean transmission and oil pan magnets.
  
  --
  Time to offend someone
14. Re:Okay, seriously.... by JustAnotherOldGuy · 2015-10-08 03:18 · Score: 1
  
  Technically you fall in this "stupid" category, as just wiping alone is not sufficient to prevent recovery.
  Not the way I wipe them. It involves a range and about 20 rounds of 5.56 ammo. And I provide a 100% guarantee that no data will be able to be recovered.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
15. Re:Okay, seriously.... by zentigger · 2015-10-08 05:24 · Score: 1
  
  I do have a very effective strategy for wiping mobile devices using a third party device. Unfortunately it tends to reduce the resale value a bit :)
  
  --
  the above is my personal opinion and does not necessarily reflect that of the little voices in my head
16. Re:Okay, seriously.... by peon_a-z,A-Z,0-9$_+! · 2015-10-08 11:02 · Score: 1
  
  Headline should read, "Most People Too Stupid To Wipe Electronic Devices Before Selling Them", and it should be from the Really really shocking news dept"
  
  How does shooting "about 20 rounds of 5.56 ammo" relate to your comment about wiping a device? You are referring to physical destruction of media, whereas wiping is typically associated with the function literally using the word "wipe" in a mobile device recovery or OS, such as "wipe data" or "wipe cache". (Wipe-by-shooting-with-ammo is not an option.)
17. Re:Okay, seriously.... by JustAnotherOldGuy · 2015-10-08 12:04 · Score: 1
  
  How does shooting "about 20 rounds of 5.56 ammo" relate to your comment about wiping a device? You are referring to physical destruction of media, whereas wiping is typically associated with the function literally using the word "wipe" in a mobile device recovery or OS, such as "wipe data" or "wipe cache". (Wipe-by-shooting-with-ammo is not an option.)
  Thanks, Mr Pedant!
  Look, you wipe your way, I'll wipe my way. And frankly, no one can dispute that when I'm done doing it my way, the data is indeed, "wiped out". :)
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
18. Re:Okay, seriously.... by peon_a-z,A-Z,0-9$_+! · 2015-10-08 18:47 · Score: 1
  
  Sure, fine, we can agree to that.
  Your comment is not helpful though and is actually counter-productive. On face value, your comment is propagating the issue, making people feel sure that they are wiping* their device and they are fine.
  *With no other further action** as you later revealed.
  **Cited further action is not even valid when discussing selling a device.
19. Re:Okay, seriously.... by JustAnotherOldGuy · 2015-10-09 02:53 · Score: 1
  
  Your comment is not helpful though and is actually counter-productive. On face value, your comment is propagating the issue, making people feel sure that they are wiping* their device and they are fine.
  Bullshit. Stop being such a pedant. My comment is not responsible for anyone doing or not doing anything.
  -
  
  **Cited further action is not even valid when discussing selling a device.
  It is if they're buying a box full of fractured metal and plastic debris that used to be a hard drive.
  Seriously, stop being such a fucking numpty. No one except the most quibbling of anal-retentive nitpickers could or would misunderstand my comment or take issue with it the way you have.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
20. Re:Okay, seriously.... by peon_a-z,A-Z,0-9$_+! · 2015-10-09 04:14 · Score: 1
  
  You OK?
21. Re:Okay, seriously.... by JustAnotherOldGuy · 2015-10-09 05:02 · Score: 1
  
  You OK?
  Perfectly fine, thanks for asking.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
Happens all the time. by Dprint_Seattle · 2015-10-07 10:46 · Score: 3, Insightful

I work at a large thrift store and trust me. When the tech comes in it still in most cases has the donators stuff on it. From the hard drives we get to the routers and everything in-between.
No surprise to me... by bwcbwc · 2015-10-07 10:48 · Score: 1

I once bought a lot of used/returned MP3 players at auction. While I didn't get a wealth of personal data, I did get a wealth of "free" music. Based on value, I was actually paying for the music rather than the MP3 players.
Retailers don't have the resources to wipe the memory on returned devices, they rely on the people who buy the resold devices to be scrupulous.

--
We are the 198 proof..
1. Re:No surprise to me... by The-Ixian · 2015-10-08 03:29 · Score: 1
  
  Too bad it was probably all top 40 bs or country...
  
  --
  My eyes reflect the stars and a smile lights up my face.
1.69% of identities discerned by rmdingler · 2015-10-07 10:48 · Score: 1

Residual data on two of 122 used mobile devices had residual data left... significant enough to discern the original users' identities.
The humanity!!

--
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
yep, noticed that by roc97007 · 2015-10-07 10:59 · Score: 2

There was a time when my daughter was really into blackberrys, because you could text really fast on the keyboard. She discovered that a local electronic junk store had a stack of various models of blackberry for something like five bucks apiece, so she bought three of them, and would put her sim in different phones depending on whether she felt like carrying a 6000 series or a 7000 series or a Curve.
Anyway, one thing she discovered is that none (0) of them had been wiped, and she had access to documents, baby photos and all kinds of stuff. Nothing pornographic, fortunately. At least, that she told me about.

--
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
1. Re:yep, noticed that by zazzel · 2015-10-07 20:19 · Score: 1
  
  I even received an unwiped "Warehouse Deals" phablet from an unnamed online vendor (potentially named after a large river), that had personal documents, holiday pictures AND pornographic videos on it. My girlfriend discovered the videos - fortunately right on the first day, while we were playing around with it. Said online vendor then immediately agreed to a further discount. Which was quite a good idea, since in my country, spreading unwanted pornographic material is illegal.
  And yes, I also know the previous owner's name, since he had set up two e-mail accounts with real names on the device :-)
and even when they do by tomhath · 2015-10-07 11:30 · Score: 1

And when they do "wipe" a device they still could leave thousands of emails behind. Some of them might even be classified.
Was an Amazon device my Mom bought new by Trax3001BBS · 2015-10-07 11:41 · Score: 1

It wasn't and required another's account removed, all of this Mexicans information was displayed down to their credit card number, and other personal info; making sure we wanted this information removed.
We did laugh at it later thinking of the problems this person would of had if we were that type.
WHAT??? by Vlijmen+Fileer · 2015-10-07 11:54 · Score: 1

AGAIN???!!! :/
When will this news item stop being regurgitated. OF COURSE information will be found on discarded storage devices.
We know, it's logical and expected, and we have been informed by jobless journalists a zillion times already.
Devices contain residual data .. by nickweller · 2015-10-07 12:15 · Score: 1

Erasing isn't enough, you have to overwrite the file system with random data ..
Re:Charity donations by Scoth · 2015-10-07 13:39 · Score: 1

For Android, you could do something like boot into Recovery, completely format all the partitions (except recovery), and reflash the ROM. If you wanted to be especially paranoid you could adb into it and dd if=/dev/zero the whole thing a time or two and then reflash it. Hell of a lot of work though, and typically would require some kind of rooting or alternative recovery for some of the options.
iOS devices you'd pretty much have to jailbreak to do something like that directly. I have no idea how thorough a restore in iTunes is forensically speaking. Might be good enough.
I'd be somewhat hesitant to resell/donate a mobile device. I tend to keep them around and use them until they're thoroughly used up anyway, so I don't typically have anything left worth selling/donating.
I too have bought a few random computers at thrift stores over the years, and have found enough personal data to make several peoples' lives miserable. Not really my style though; I typically wipe them as a first step. Although I did unexpectedly find an older laptop with a legit activated Windows 8 license on it that I just nuked the previous user account on and kept using, since upgraded to 10. It's still impressive to me the kind of things people leave on computers they're donating. I keep seeing the words "common sense" thrown around in this article, but I'm still surprised more people don't have it.
Not always possible to wipe a phone by RubberDogBone · 2015-10-07 13:51 · Score: 1

My Samsung Galaxy S3 was an awesome phone, up until the moment it died without warning. It was simply sitting on my desk charging one moment, and then completely gone the next. Battery swap didn't fix it.
I had insurance on the phone and ended up using it, but the phone was dead and there was no way to wipe it. I had to send back the dead one as-is in exchange for a replacement. What happened to that broken phone, I have no idea, but it would not surprise me if a pile of broken phones ended up being repaired and all bets are off.

--
Sig for hire.
Includes CPO Cars as well by HockeyPuck · 2015-10-08 01:18 · Score: 1

Two years ago I bought a Certified Pre-Owned BMW from a dealer. It's basically a used car of a supposed "higher quality" from a dealer. Turned out that even though they do some sort of 5million point inspection, they forgot to clear the mp3 collection uploaded into the car's entertainment system, didn't clear the stored phonebook, nor the 10 recent phone numbers.