44% of used phones contain sensitive data

In a recent study, researchers were able to garnish all kinds of sensitive data from second hand mobile devices.  Of the units tested, 44% contained information such as salary details, bank account information, business plans, personal medical details, personal insults, and address book data.  Next time you get a used device, take a good look around. You never know what you may find.

[via Zero Day]

Comments

  1. darkbhudda says:

    When I had my mobile in for repairs I got a temp phone. The previous owner hadn’t deleted anything from it. I resisted the temptation to check it all out for some time, but finally I was curious. This guy had SMSes to his live-in girlfriend as well as to other chicks he was making moves on. Good luck with that when your live-in snoops dude. Best of all I recognised one of the names and numbers in his contacts list. Turns out we’d both slept with the same chick.

    I made sure to delete everything when I handed it back in.

  2. Buster says:

    That’s kind of obvious especially since the main reasons electronics are returned is because of cracked screens, broken keyboards, and other things vital in terms of navigating the screen.
    Without a screen you can’t remove these things, With a broken keyboard it’s more of a chore to find a way around. So it just makes sense.

  3. r1b4z01d says:

    With out a screen you can still degauss it. This is what we do at my work. I am in charge of all the cell phones.

  4. Josh says:

    I had this happen to me once. The cell phone company took back my phone under warranty and said they had erased all the information after transferring it to a “refurbished” phone. That phone had the previous customer’s info on it. Including some “interesting” pictures.

  5. hcaaman says:

    to r1b4z01d:
    I think degaussing only works on magnetic storage.

  6. nubie says:

    Store personal info on removable storage.

    Stop purchasing devices with user-accessible internal storage space (It can’t be more expensive to use a micro/mini SD slot), then the market will dry up and we won’t have this problem.

    You would have to be stupid to store sensitive information on the phones internal memory and then let it out of your control.

  7. sly says:

    degaussing works on electronic storage too… you risk wiping the flash as well though turning it into a brick.

    most folks don’t generally have access to massive degaussing tools though.

  8. D says:

    Ya know, it’s not just the physical memory on the phone either.

    About 5 years ago I set up a new account at sprint, took their cheap “free” phone (new), and set up the Vision thingus for sending pictures and such. Immediately I couldn’t log in to Vision, it seemed the password of the previous “owner” of my new phone number was still in place. After several go-rounds with tech support I finally got them to reset the password. Once I could log in I found several “interesting” pictures of the previous owner.

    Fortunately for me, it was a she, and not an overly scary she either. Pics included “The Twins” (haha, original) and “shaved4U”.

    Even more entertaining; for the next 8 months or so I still got calls and voicemails for the previous owner, Jessica. Including a few from her grandparents, “Jessica, why don’t you answer your phone? We haven’t seen you in months!”

  9. jproach says:

    If you have a field that strong, it is not “wiping the flash”, it would be destroying the internal circuitry.

    Could put the thing into a shredder and achieve a similar effect.

  10. Dark_AvEnGer says:

    best to just put the phone in a very hot fire after, then nobody will be getting any data off.

  11. freak3dot says:

    I got a phone off ebay with phone numbers, picutres, and texts on it but nothing interesting. It was just obvious that it was previously owned by some hillbilly. I made quick work of it with the manufactures reset code. In reply to above: even with a cracked screen, one can enter the correct sequence of buttons to reset the phone to manufacture state. It takes minimal googling to find a reset code.

    freak3dot

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 93,815 other followers