Avast Buys 20 Used Smartphones, Reads "Deleted" Data - FOX 35 News Orlando

myFOX Tech

Avast Buys 20 Used Smartphones, Reads "Deleted" Data

Posted: Updated:
You've seen computer forensics experts on shows like CSI go through people's damaged computers and retrieve personal information but did you know the same thing can be done with a cellphone you've put up for sale on any of the popular resell sites like Gazelle or eBay? Did you know that the person accessing your "deleted" data doesn't have to be an expert and can use readily available software to do it?

Computer security company Avast picked up and analyzed 20 used smartphones whose previous owners thought they'd done their due diligence and wiped their devices prior to selling them. What they were able to recover is outlined in a report and infographic on their website. “The amount of personal data we retrieved from the phones was astounding. We found everything from a filled-out loan form to more than 250 selfies of what appear to be the previous owner's manhood,” said Jude McColgan, President of Mobile at AVAST. What else were they able to retrieve? More than 1,500 family photos of children, 750 photos of women in various stages of undress, 750 texts and emails and much, much more.

Should You Really Be Concerned?

As someone who watches tech, one of the biggest sales spikes I see on eBay and other sites like it, takes place around the time that new smartphones are launched into the market. When the next Samsung Galaxy or iPhone is released, eBay sees a spike in used phone sales of the previous generation Samsung or iPhone as people offload old tech to help pay for the new. According to Avast, the hard numbers on that work out to 80,000 smartphones up for sale daily on eBay in the U.S. alone. And that's just smartphones! The same security concern is present with mobile devices. Do I think most people are going to check a used device to see if there is data they can undelete? No. Do I think there are people out there who will do this and is there software readily available that will help them easily undelete data? Yes. A brief search of Google's Play Store for "data recovery" shows apps with good ratings that have helped people recover pictures and files they thought they'd lost access to. While I don't think this is something you should be pouring a great deal of time and resources into, we do so much banking and other sensitive activities with our phones that it couldn't hurt to take an extra step or two before turning in that phone or tablet.

So, what can you do to keep your information secure when it's time to upgrade to new tech? Well, let's tackle that removable SD card first.

  1. Remove SD card. Keep it. That is the only way to be 100% sure it's contents won't be recovered by someone else.
  2. Buy a new, cheap SD card and include that with the sale of your old device.
  3. Use third-party software to make the data inaccessible the right way. Of course, the only way to ever be sure that no one gets those selfies you've stored on the SD card is to just keep the card or destroy it. Let me say this again, if you have sensitive business data, or your name is 007 and you're carrying spy secrets your best bet is to keep those cards in your possession. If you must include that card as part of the sale, use the format option built into the settings of your Android phone, or a third-party app like AVG Cleaner then download an app like Secure Wipe from the Google Play store and "sanitize" your card. Read the app's description carefully so you know exactly how thorough the wipe will be. Again, nothing is as thorough as keeping the card.

Before You Put Your Phone On The Market

Next up, the phone itself. iOS and Android handle wiping the phone differently. Since the study done by Avast was actually done with Android phones, that's mostly what we'll focus on here. I will say briefly that with iOS, when you erase the phone, it's pretty difficult for anyone to get at that data left on the device. Some security experts would say that it is pretty close to improbable. Data on iOS devices is encrypted by default and every time you access data on your phone it is decrypted on the fly. In order to decrypt that data, iOS uses something called an encryption key which is deleted when you wipe your iPad or iPhone, making accessing that data impossible without the key or some very advanced decryption software and know how. Android on the other hand does not decrypt by default, so there are two methods you can use to securely sanitize your device prior to putting it up for sale. First, let me say that much like that SD card, the only way to ever be 100% sure is to keep the device. Matter of fact, I keep my old devices so that I have a backup device in case i lose my current device. I also recycle old devices and give them to the kids when they're ready for a "new" device. That said, how do you secure wipe an Android?

  1. Go into the settings, then the Security menu and choose the option to "Encrypt device." Wait for the phone to encrypt your data, then do the factory reset.
  2. If you're a little paranoid and REALLY want to ensure your data has been wiped, hit Google's Play Store and download Nuke My Device for 99 cents. It will sanitize your device and make it ready for sale. Additionally, you could download the study's Author's free software avast! Anti-theft which will permanently delete and overwrite all the files on the device like Nuke My Device.

For a full explanation on why just deleting data, doesn't delete the data and why performing something called an "overwrite" is what actually sanitizes your device, check out this security article from Brown University's IT department.

Powered by WorldNow

35 Skyline Drive
Lake Mary, FL 32746

Phone: (407) 644-3535
News Tips: (866) 55-FOX35

Didn't find what you were looking for?
All content © Copyright 2000 - 2014 Fox Television Stations, Inc. and Worldnow. All Rights Reserved.
Privacy Policy | Terms of Service | Ad Choices