'Wiping' Android phones does NOT delete your naked selfies: Photos, texts and emails can still be recovered after reset, study reveals

  • Prague-based firm Avast has revealed a huge flaw in Android devices
  • They bought 20 used phones off eBay and recovered 'deleted' data
  • To do so they used publicly available programmes such as FTK Imager
  • They then found they could access the data of people who had used default deleting or 'factory reset' services
  • Even some phones with third party software were easily hackable
  • Haul of data included 40,000 personal photos and 1,500 photos of children
  • They also recovered more than 1,000 compromising adult images of the previous owners of the phones
Using in-built 'factory reset' and 'delete-all' services on phones with Google's Android operating system is not enough to cleanse them of personal data, new research has revealed.

Experts found they were able to pull tens of thousands of photos, emails, text messages and more from used phones being on eBay that previous owners had thought they had 'wiped' clean.

The findings suggest that mobile owners should be much more thorough if they are planning to sell their phone to prevent their data being accessed.

Prague-based internet security firm Avast has discovered a huge flaw in Android phones. They found they were able to recover large amounts of personal data (image supplied) with publicly available programmes from used phones they bought on eBay that had seemingly been 'wiped' by the previous owners
Prague-based internet security firm Avast has discovered a huge flaw in Android phones. They found they were able to recover large amounts of personal data (image supplied) with publicly available programmes from used phones they bought on eBay that had seemingly been 'wiped' by the previous owners

The study by Avast Software, a Prague-based internet security firm, found they could easily retrieve personal data from smartphones sold online, despite consumers deleting their data.

Aside from 40,000 photos and 250 ‘compromising’ selfies of men, the company was even able to discover the identity of several sellers, and one person’s completed loan application.

The huge multitude of data was recovered from just 20 used smartphones, highlighting just how much data can be retrieved from a small number of used phones.

These were phones where the previous owners had performed a factory reset or a ‘delete all’ operation on their devices with in-built software.

Despite doing this, however, Avast was able to gather vast amounts of data.

Only one phone had third-party security software installed, and it actually gave up the most personal information of all.

In response to the findings, Google said: 'This research looks to be based on old devices and versions (pre-Android 3.0) and does not reflect the security protections in Android versions that are used by the vast majority of users. 

'If you sell or dispose of your device, we recommend you enable encryption on your device and apply a factory reset beforehand; this has been available on Android for over three years.'

To recover the data Avast used programs called FTK Imager, a disk imaging programme, and SuperSU, an app management programme.

In one example, Avast explains how they recoevered ‘deleted’ messages from a Facebook chat from an HTC Sensation smartphone.

‘The amount of personal data we retrieved from the phones was astounding,’ said Jude McColgan, President of Mobile at Avast.

‘We found everything from a filled-out loan form to more than 250 selfies of what appear to be the previous owner's manhood.

‘We purchased a variety of Android devices from sellers across the U.S. and used readily available recovery software to dig up personal information that was previously on the phones.

‘The take-away is that even deleted data on your used phone can be recovered unless you completely overwrite it.’

HOW TO COMPLETELY WIPE YOUR ANDROID DEVICE

1. CNet recommends that you encrypt your device before wiping it, which can be done in the ‘Security’ section of the ‘Settings’ menu.
2. Next you’ll want to perform a factory reset, which is done in the ‘Backup & reset’ section of the Settings menu.
3. For added protection you then need to load your phone with ‘dummy’ data, such as stock photos and video, so people can’t steal your identity.
4. Now perform another factory reset, erasing the dummy data. Repeat this three times or more to be as secure as possible.
5. Your data is not only now buried beneath dummy content, but if someone does get that far into your phone they’ll find it is encrypted as well.
One solution to this problem is to repeatedly perform factory resets on the phone. This should be done after encrypting it, which can be done from the settings menu. The phone should also be loaded with dummy data, so if someone does gain access they have to get through multiple levels before finding personal data

More than 80,000 used smartphones are for sale daily on eBay in the U.S., according to Avast.

‘Along with their phones, consumers may not realise they are selling their memories and their identities,’ McColgan adds.
‘Images, emails, and other documents deleted from phones can be exploited for identity theft, blackmail, or for even stalking purposes.

‘Selling your used phone is a good way to make a little extra money, but it’s potentially a bad way to protect your privacy.’


No comments:

Post a Comment