Slashdot Mirror

← Back to Stories (view on slashdot.org)

Two-Thirds of Second-Hand Memory Cards Contain Data From Previous Owners (bleepingcomputer.com)

Posted by msmash on from the how-about-that dept.

Catalin Cimpanu, writing for BleepingComputer: A recent study conducted by academics from the University of Hertfordshire in the UK has revealed that almost two-thirds of second-hand memory cards still contain remnants of personal data from previous owners. For their study, researchers analyzed 100 second-hand SD and micro SD memory cards purchased from eBay, conventional auctions, second-hand shops, and other sources over a four-month period. All in all, researchers say the memory cards they recovered were previously used in smartphones and tablets, but some cards were also used cameras, SatNav systems, and even drones. The research team says the analysis process consisted of creating a bit-by-bit image of the card and then using freely available software to see if they could recover any data from the card. Their efforts were successful and worrisome at the same time, as the team says it managed to recover data from the memory cards, including intimate photos, selfies, passport copies, contact lists, navigation files, pornography, resumes, browsing history, identification numbers, and other personal documents.

4 of 130 comments (clear)

  1. Just Surprised... by rally2xs · · Score: 3, Interesting

    ...that it's ONLY 2/3rds. Who remembers / bothers to erase that data, anyway? For my cameras and GPSs, I doubt that I'd bother. Info available is immensely non-useful to anyone else. A PC memory I would erase, and spend time writing 1's, 0's, and then random #'s to it, but the other hardware I really wouldn't care about.

    And who is SELLING these memory cards, anyway? That's not how you get rid of 'em. You get rid of 'em by losing them. Everybody knows that.

    1. Re:Just Surprised... by KiloByte · · Score: 4, Insightful

      And who is SELLING these memory cards, anyway? That's not how you get rid of 'em. You get rid of 'em by losing them.

      That kind person who made you lose the card is selling; he can't drink, smoke nor inject that card in its present form. And you did not get an opportunity to clean the data.

      Thus, we'd need some way to encrypt the cards yet still be able to comfortably share them between diverse systems, as unless the card is sitting in the dust behind your couch, the data is likely to be used. Not by the direct "finder", but as soon as anyone pays for the copy, those nudes and bank statements will be out there. Oh, by the way: if you're evil enough, here's a business opportunity. Don't take it.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  2. Re:Academics by ShanghaiBill · · Score: 4, Informative

    Who proposes such a study and then who approves it?

    According to TFA, a company, Comparitech.com, commissioned the study.

    Are these the kind of studies Universities should be pursuing?

    This wasn't a vast team of world-class researchers. It was likely one undergrad on academic probation working for class credit, sitting at a desk with a small pile of cards, plugging each one into the slot and pushing a button. Total cost: about $200 to buy the cards.

  3. Link to original source by Anonymous Coward · · Score: 4, Informative

    I could not find the link to the actual report in the summary or the linked article (unless I missed it). But some googling located it.

    https://cdn.comparitech.com/static/docs/survey-data-remaining-second-hand-memory-cards-uk.pdf

    It is linked in the story of the company that commissioned the research in the first place: https://www.comparitech.com/blog/vpn-privacy/secondhand-memory-card-study/