If you have some old tech you want to sell then eBay may be your first port of call. As much as I dislike the site and some of its practices, it still presents a means of putting unwanted goods in front of a huge number of eyeballs. But the problem with that it is it has generated a marketplace that appeals to a massive number of people, many of whom are not as security conscious as perhaps they could be.

I myself have bought a second-hand laptop in years gone by, only to discover that the previous owner had made absolutely no attempt whatsoever to clear their private data from the machine. I discovered his favourite websites (I hope he visited THAT site when his wife wasn’t around), I know who he banked with, I wasn’t partial to his taste in music, but I did agree strongly with the Liverpool FC background he left on it.

Ultimately, what I learned is that some people lack the security awareness, or are too lazy, to wipe their personal data from computers and other devices before disposing of them via an auction site or the local tip. Based upon hard drives I’ve been given by friends, it is a widespread problem which we can only hope to eradicate by raising the issue and educating people.

But sometimes education isn’t enough.

Take the Hudl tablet for example. Ken Munro of Pen Test Partners recently conducted an experiment, in conjunction with the BBC, in which he examined the data deletion systems on Android devices.

Purchasing second-hand Hudls from eBay, Munro discovered that even those previous owners who had wiped the device before shipping were at risk of having their confidential data accessed.

Munro found that the device retained information even after a factory reset due to a flaw in the Rockchip processor’s firmware. The known bug allowed him to read and write to the device using freely available software. Extracting information only took minutes but the analysis of the data typically took a couple of hours per machine. Once done, however, Munro was able to determine PIN codes, wi-fi keys, cookies and other browsing data that would have allowed him to spoof the original owner.

A Tesco spokesperson told the BBC that:

“Customers should always ensure all personal information is removed prior to giving away or selling any mobile device. To guarantee this, customers should use a data wipe program.”

The spokesperson went on to say that any Hudls returned to Tesco would be securely wiped by the company, but urged users to visit the Get Safe Online website if they have any further privacy-related concerns.

Marc Rogers, principal researcher at Lookout, explained further, saying that a secure wipe should be used before disposing of any data-storing device. Such a wipe will overwrite all onboard memory with ones and zeroes, rendering it useless to any third party that later tried to access it. Unfortunately though, most manufacturers have adopted a different approach to factory resets he said:

“There’s an Android function to wipe data and most manufacturers are using that. But all that does is remove the index of where data is and does not delete data at all.”

Lookout also revealed that police had revealed that the average underground price for a second-hand smartphone with personal data on it was around £600, which just goes to show the potential value of that data to the crook who ends up buying it.

As sales of smartphones and tablets increase, in part due to their convenience and portability, it is increasingly likely that owners will entrust more and more data to them. When those devices are subsequently sold on the selfies left in memory may provide the new owner with a few chuckles, but there is a chance that the banking data, credit card numbers and less than safe for work snaps may leave the original owner with something far more tangible than the thought of a stranger laughing at them.

So, if you are selling a Hudl, or any other device that has previously held your personal data, ensure that you wipe it securely before placing that listing.

About the Author: admin

Let’s Talk

Please leave your contact details and a member of our team will be in touch shortly.

"*" indicates required fields