Slashdot Mirror


Wealth of Personal Data Found On Used Electronics Purchased Online

An anonymous reader writes: After examining 122 used mobile devices, hard disk drives and solid state drives purchased online, Blancco Technology Group and Kroll Ontrack found 48% contained residual data. In addition, 35% of mobile devices contained emails, texts/SMS/IMs, and videos. From the article: "Upon closer examination, Blancco Technology Group and Kroll Ontrack discovered that a deletion attempt had been made on 57 percent of the mobile devices and 75 percent of the drives that contained residual data. Even more compelling was the discovery that those deletion attempts had been unsuccessful due to common, but unreliable methods used, leaving sensitive information exposed and potentially accessible to cyber criminals. The residual data left on two of the second-hand mobile devices were significant enough to discern the original users' identities. Whether it's a person's emails containing their contact information or media files involving a company's intellectual property, lingering data can have serious consequences."


  1. this is why by ganjadude · · Score: 2

    this is why when i sell my old electronics, the drive comes out

    --
    have you seen my sig? there are many others like it but none that are the same
    1. Re:this is why by mlts · · Score: 2

      I take an easier approach. If I'm selling something I'll replace the drive.

      However, for a machine I'm giving to a friend or family member, what I wind up doing is just a format command, then a pass with cipher /w (assuming Windows.) Since all my volumes are BitLocker protected, a format command overwrites the areas on the hard drive with the volume master key multiple times. Even with the right BitLocker password or recovery key protector, the data is gone, since the master key cannot be retrieved. The cipher /w just does a simple three pass (zeroes, ones, random numbers), which is good enough for almost anything.

      SSDs are even easier. A format command zaps the keys, then I boot a Linux live CD, run hdparm to do a secure erase, or at the minimum, a blkdiscard on the entire drive, and call it done. The secure erase or the TRIM command ensures that all data on the drive is zeroed (or at least reported to the reading OS as zeroed), so there is almost no chance of recovery whatsoever. If by chance some data is recovered, it will just be encrypted stuff. If I wanted to, I could run an erase pass on the entire drive, but why shorten the drive's life when the secure erase or TRIM has pretty much ensured the drive will be clean?

    2. Re:this is why by Gaygirlie · · Score: 2

      However, for a machine I'm giving to a friend or family member, what I wind up doing is just a format command, then a pass with cipher /w (assuming Windows.) Since all my volumes are BitLocker protected, a format command overwrites the areas on the hard drive with the volume master key multiple times. Even with the right BitLocker password or recovery key protector, the data is gone, since the master key cannot be retrieved. The cipher /w just does a simple three pass (zeroes, ones, random numbers), which is good enough for almost anything.

      Why? What's the point? Self-entitled "nerds" here keep perpetuating the same old myths that you need to wipe and wipe and wipe and wipe a billion times for the data to be completely inaccessible and are just making themselves look just as ignorant as the people they berate themselves. There is plenty of research on this topic and I wish people would just finally learn something and stop spreading some god damn myths.

      The purpose of this paper was a categorical settlement to the controversy surrounding the misconceptions involving the belief that data can be recovered following a wipe procedure. This study has demonstrated that correctly wiped data cannot reasonably be retrieved even if it is of a small size or found only over small parts of the hard drive. Not even with the use of a MFM or other known methods. The belief that a tool can be developed to retrieve gigabytes or terabytes of data of information from a wiped drive is in error.

              Although there is a good chance of recovery for any individual bit from a drive, the chance of recovery of any amount of data from a drive using an electron microscope are negligible. Even speculating on the possible recovery of an old drive, there is no likelihood that any data would be recoverable from the drive. The forensic recovery of data using electron microscopy is infeasible. This was true both on old drives and has become more difficult over time. Further, there is a need for the data to have been written and then wiped on a raw unused drive for there to be any hope of any level of recovery even at the bit level, which does not reflect real situations. It is unlikely that a recovered drive will have not been used for a period of time and the interaction of defragmentation, file copies and general use that overwrites data areas negates any chance of data recovery. The fallacy that data can be forensically recovered using an electron microscope or related means needs to be put to rest. -- https://www.google.com/search?...

      Studies have shown that most of today’s media can be effectively cleared by one overwrite.

              Purging information is a media sanitization process that protects the confidentiality of information against a laboratory attack. For some media, clearing media would not suffice for purging. However, for ATA disk drives manufactured after 2001 (over 15 GB) the terms clearing and purging have converged. -- http://csrc.nist.gov/publicati...

      For the purposes of clarity, this will be repeated: If every single sector of a modern hard drive is overwritten, then NO DATA can be recovered, and especially not by the police. In fact companies such as Ontrack, who spend millions of dollars on research into data recovery are not able to do this. This wiping does not need to be done 33, 12, or even 3 times. Just once. -- https://whereismydata.wordpres...

      These things go on forever if one just bothers to Google a bit, I could keep linking and quoting stuff for several books' worth.
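The single-overwrite claim in the quotes above can be checked by reading the media back after the pass. The following is an added example, not part of any comment in this thread: it zero-fills a constructed 4 MiB image file standing in for a drive (the file, the sample "e-mail" bytes and the function names are all assumptions made for illustration) and reports any non-zero sectors before and after.

```python
import os
import tempfile

CHUNK = 1 << 20   # read/write 1 MiB at a time
SECTOR = 512      # reporting granularity

def nonzero_extents(path, limit=16):
    """Read the image/device back; return (offset, length) runs of non-zero sectors."""
    extents, offset = [], 0
    with open(path, "rb", buffering=0) as dev:
        while len(extents) < limit:
            block = dev.read(CHUNK)
            if not block:
                break
            if block.count(0) != len(block):          # something survived in this chunk
                for s in range(0, len(block), SECTOR):
                    sector = block[s:s + SECTOR]
                    if sector.count(0) != len(sector):
                        start = offset + s
                        if extents and sum(extents[-1]) == start:   # extend adjacent run
                            extents[-1] = (extents[-1][0], extents[-1][1] + len(sector))
                        else:
                            extents.append((start, len(sector)))
            offset += len(block)
    return extents[:limit]

def overwrite_once(path):
    """One pass of zeros over every addressable byte, flushed to the media."""
    with open(path, "r+b", buffering=0) as dev:
        size = dev.seek(0, os.SEEK_END)   # works for regular files and block devices
        dev.seek(0)
        written = 0
        while written < size:
            written += dev.write(bytes(min(CHUNK, size - written)))
        os.fsync(dev.fileno())
    return size

def demo():
    """Constructed 4 MiB image standing in for a drive; the 'e-mail' is sample data."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(bytes(4 * CHUNK))
        f.seek(3 * CHUNK + 1024)
        f.write(b"From: alice@example.test\r\nSubject: constructed remnant\r\n")
        path = f.name
    before = nonzero_extents(path)    # remnant still present
    size = overwrite_once(path)
    after = nonzero_extents(path)     # nothing left in the addressable space
    os.unlink(path)
    return before, size, after
```

A read-back like this only sees the logical block addresses the drive exposes; remapped bad blocks and SSD spare flash are outside it, which is the part the drive's own secure-erase command covers.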

  2. and not just YOUR devices by turkeydance · · Score: 4, Informative

    a local University 'surplused' some used copiers, and found out the hard way that the hard-drives kept copies of all copies.

    1. Re:and not just YOUR devices by PopeRatzo · · Score: 5, Funny

      a local University 'surplused' some used copiers, and found out the hard way that the hard-drives kept copies of all copies.

      They also found out that 27% of all copies made were of someone's ass.

      --
      You are welcome on my lawn.
  3. Okay, seriously.... by JustAnotherOldGuy · · Score: 2

    Really, does this surprise anybody?

    Headline should read, "Most People Too Stupid To Wipe Electronic Devices Before Selling Them", and it should be from the "Really really shocking news dept"

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:Okay, seriously.... by fightinfilipino · · Score: 4, Insightful

      Really, does this surprise anybody?

      Headline should read, "Most People Too Stupid To Wipe Electronic Devices Before Selling Them", and it should be from the "Really really shocking news dept"

      in those people's defense, it is difficult to completely wipe mobile devices. using the device's own wipe/format tools does not guarantee the device does not have residual data. it's easier to wipe a hard disk on a PC (using DBAN or similar), but mobile devices are not as easy to format and clean.

    2. Re:Okay, seriously.... by bobbied · · Score: 2

      Really, does this surprise anybody?

      I'm not surprised in the least. It's hard for folks who barely know how to plug something in and turn it on to comprehend how dangerous the information on that hard drive really is, even if you have deleted all the files you think are important. How many people know (or would care if they did) how the file system on their laptop actually works, that deleted files are NOT gone yet, or that cluster tips and system save/restore and crash dumps can carry a wealth of information even if you have run a multi-pass overwrite program? Very few.

      Well, if there is anything good to come from the Hillary E-mail server thing, it is perhaps that the common man will start to realize that they need to be careful to "wipe" (and not just with a cloth) their electronics clean, and deleting something doesn't mean it's gone, only that it's not as easy to find. Heaven help us when folks start to realize that "the cloud" only makes this whole data security thing that much harder, because now you cannot even physically disassemble the device and erase your data that way...

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    3. Re:Okay, seriously.... by bobbied · · Score: 2

      You mean you don't take the time to disassemble the drive, remove the platters and dissolve the magnetic coating in acid? You poor soul.... Personally, I'm content to erase the drive by doing a low level format, but hey, I love to live dangerously given that this won't touch any "bad blocks" replaced by the drive controller....

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    4. Re:Okay, seriously.... by JustAnotherOldGuy · · Score: 2

      You mean you don't take the time to disassemble the drive, remove the platters and dissolve the magnetic coating in acid?

      I used to scrape the magnetic coating off with my teeth but then knives and forks started sticking to my teeth. So embarrassing.

      --
      Just cruising through this digital world at 33 1/3 rpm...
  4. Happens all the time. by Dprint_Seattle · · Score: 3, Insightful

    I work at a large thrift store and trust me. When the tech comes in it still in most cases has the donator's stuff on it. From the hard drives we get to the routers and everything in-between.

  5. yep, noticed that by roc97007 · · Score: 2

    There was a time when my daughter was really into blackberrys, because you could text really fast on the keyboard. She discovered that a local electronic junk store had a stack of various models of blackberry for something like five bucks apiece, so she bought three of them, and would put her sim in different phones depending on whether she felt like carrying a 6000 series or a 7000 series or a Curve.

    Anyway, one thing she discovered is that none (0) of them had been wiped, and she had access to documents, baby photos and all kinds of stuff. Nothing pornographic, fortunately. At least, that she told me about.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.