IE 11 is not supported. For an optimal experience visit our site on another browser.

Half of Used Cellphones Hold Previous Owners’ Data

Selling that old cellphone? Make sure you wipe it clean of personal data. Then really make sure.
/ Source: SecurityNewsDaily

Selling that old cellphone? Make sure you wipe it clean of personal data. Then really make sure.

More than half of the secondhand mobile phones examined in a British study still had sensitive personal data on them, including credit- and debit-card PINs, Facebook and Twitter usernames and passwords, bank account details, friends’ phone numbers and company information.

Yet a related poll of British adults who’d sold mobile phones found that 81 percent believed they’d completely cleaned their old handsets of personal data.

“White hat” hacker (someone who uses his skills to improve security) Jason Hart bought 35 used cellphones from eBay and brick-and-mortar shops. He used data-recovery tools of varying strength to find that 19 still contained the previous owners’ personal data.

He also bought 50 used SIM (Subscriber Identity Module) cards, used to identify users in GSM-network phones, from the same sources. Twenty-seven of them still held personal data from the previous owners.

"This report is a shocking wake-up call and shows how mobile phones can inadvertently cause people to be careless with their personal data,” said Danny Harrison of CPP Group, the English data-protection company that commissioned the study, in a press release.

Why the discrepancy between the opinion survey and the reality? It turned out most of the people who’d thought they’d wiped their phones had in fact only manually deleted data, which is inefficient at best and tends to leave a lot of unseen information lurking in the background.

Security experts recommend that phone sellers instead first make sure they log out of all Internet-based remote accounts the phone is linked to, then “factory reset” their handsets before passing them on.

As for the SIM card? If you’re not transferring it to another handset, then step on it, crush it, chop it up with scissors — make sure it’s toast.

"The safest way to remove all of your data from a mobile phone or SIM card is to totally destroy the SIM and double check to ensure that all content has been removed from your phone before disposal," Hart said in the CPP press release.

The mobile phone resale market is robust in Britain, where a single phone standard is used and consumers have a long history of trading up to newer, often more expensive handsets, a process made easy by interchangeable GSM cards.

In North America, large-scale cellphone resales really took off only after the introduction of the second-generation Apple iPhone, which flooded the market with still-in-demand first-generation iPhones. Until then, used cellphones had been seen here as nearly worthless — as used SIM cards still are.

That doesn’t make North Americans, who are embracing smartphones heartily, any less susceptible to inadvertent cellphone data breaches.

“Our experiment found that newer smartphones have more capabilities to store information,” said Hart, “and that information is much easier to recover than on traditional mobiles due to the increase of applications."