Please create an account to participate in the Slashdot moderation system


Forgot your password?
Privacy Security Your Rights Online

Half of Used Phones Still Contain Personal Info 83

jhernik writes "More than half of second-hand mobile phones still contain personal information of the previous owner, posing a risk of identity fraud. A study found 247 pieces of personal data stored on handsets and SIM cards purchased from eBay and second-hand electronics shops. The information ranged from credit card numbers to bank account details, photographs, email address and login details to social networking sites like Facebook and Twitter. According to data security firm CPP, 81 percent of previous owners claim they have wiped personal data from their mobile phones and SIM cards before selling them. However, deleting the information manually is 'a process that security experts acknowledge leaves the data intact and retrievable.'"
This discussion has been archived. No new comments can be posted.

Half of Used Phones Still Contain Personal Info

Comments Filter:
  • Phone manufacturers and telcos are making the wiping much harder than it needs to be. I guess they do that because they don't make any money from you selling your phone second hand. This is especially true for iPhones and Android. Are Blackberry and Windows Phone 7 really the only phones that have complete wipe feature built-in? I dont even mean the usual delete, but actual multiple times overwriting. While it's more important for business users (and why RIM and Microsoft pay more attention to such details)
    • So you're saying Apple is amateurish and Microsoft is secure? Are you sure you thought that through?

      • by Ritchie70 ( 860516 ) on Thursday March 24, 2011 @08:14AM (#35597078) Journal

        It would not shock me if Microsoft took security more seriously than Apple.

        Microsoft products are the target of more attacks.

        Microsoft has more business customers.

        I just got a new phone and have no idea if I successfully deleted everything from my old phone. It seems clean, but maybe I should just take it apart into little pieces and be done with it. I usually leave old phones in the donation bin at work, though.

        • Re: (Score:1, Troll)

          by devboys ( 2025058 )
          Also remember that the iPhone jailbreaks are actually remote exploits run on a website. iPhones are basically completely rooted just by visiting a website. Great security there, tho Apple users are posting is a "good" thing as it allows them to root their phone.
    • by Dan541 ( 1032000 )

      I burn my old smart phones (literally) it's the only way I can know that the data is really gone.

      • You know, you could disassemble them and just burn the flash chips rather than the whole phone.

        I've never let go of a smartphone yet, I've only had one and it's still here. If I do, though, this is the route I'll go.

        I despise the necessity but it's not my fault. If the SIM had enough storage for more than a number and a partial name then I would have stored all my numbers in it.

      • by Lumpy ( 12016 )

        I blend them in the blendtech at the office. far better than your burning.

        The great fun is watching the co-workers complain about the taste of their smoothies for the next month after I blended a phone...

    • I don't know about the WM7 implementation, but multiple times overwriting is hit and miss on flash media due to the wear levelling algorithm.
      Unless the chip directly supports it, multiple overwrites simply spread the writes on different sectors.

    • Re: (Score:1, Informative)

      by Anonymous Coward

      Yeah, wiping an iPhone is so hard. I mean you've got to go to Settings -> General -> Reset and then tap on "Erase all content and settings".

      Can you believe they made it that hard? It's just terrible!

      • by Lumpy ( 12016 )

        OMG!!!! you have to do all that!!?!?!?!

        Windows 7 phone wipes it for you at random!

        • Windows 7 phone wipes it for you at random!

          Not totally random, my friend with one discovered the hard way. It takes a vigorous shake of the phone followed by a wiping motion with screen pressure.

    • Actually it's trivially easy to wipe an iPhone. Dunno about Android, though I assume they have the same feature, but on an you can set up an iPhone to self wipe after four failed PIN attempts. That's right, if for some reason you can't figure out who to use the large "reset to factory default condition" button in iTunes, you can turn on the PIN function and force it to wipe itself after four failed attempts. But hey, it's a lot easier to bash products you know nothing about than to actually post accurate

    • by mlts ( 1038732 ) *

      iPhones, especially the iPhone 4, have a decent erase mechanism which allows for a secure method of zeroing it out. When the device is told to erase itself, it just zeroes out the master key and replaces it with another from a cryptographically secure RNG. This is a quick, but secure way of ensuring that the data on the device is rendered inaccessible.

      Just to be safe, if I were packaging an iPhone up for resale, after doing an erase from the Settings menu, I would do a DFU restore of the firmware as well,

      • Wasn't there a recent article on /. explaining how it was almost impossible to delete the data from flash ram?

        • by qubezz ( 520511 )
          Wasn't there a recent article on /. explaining how it was almost impossible to delete the data from flash ram?

          I have proof there wasn't.

          The entire flash storage on these devices is encrypted. The keys used to decrypt the drive on the fly, also stored on flash, can be overwritten quickly. Everything else on the drive looks like random numbers and 0s after the crypto keys are wiped.

          Blackberry also securely wipes all user data if an incorrect unlock password is entered 10 (or fewer; configurable) times. The

    • by hsmith ( 818216 )
      Best troll on /. - creates a new account for every MS story. Bravo.
    • by Lumpy ( 12016 )

      HUH? I can completely wipe a iphone in 12 seconds, android phone even faster. do you even know what you are talking about?

    • by tlhIngan ( 30335 )

      I guess they do that because they don't make any money from you selling your phone second hand. This is especially true for iPhones and Android. Are Blackberry and Windows Phone 7 really the only phones that have complete wipe feature built-in?

      iPhones have wipe capability as well - there's a standard option in the settings menu for it. This I think was an option since iOS 3 which added Exchange support (where it also adds remote-wipe capability) []

  • by Anonymous Coward

    Erasing things manually?

    When I gave my old phone to my mother, I went into setup and selected "factory reset". That's it, phone wiped. I then took out the SIM card, with my contact list, and moved it to my new phone, and put her SIM card into the phone instead.

    That was a Samsung SGH-Z500, but as far as I know, every phone I've had has had a factory reset option. I even used it several times on my old Nokia 9110 company phone, although for other reasons (you'd think that phone was running Windows ME).

    • by Anonymous Coward

      The story is not about a factory reset. It's about secure wiping a phone.

  • i bought a cellphone 3 years ago, and i will continue using it until it breaks, then i will smash it with an 8 pound sledge hammer against an anvil until it is a shredded pulp, then i will sweep up the pieces and put it in the trash, good luck trying to get any info off of it after that...
  • by zach_the_lizard ( 1317619 ) on Thursday March 24, 2011 @08:49AM (#35597238)

    So, anyone got a phone I can have? I promise to whipe it

  • by mmcuh ( 1088773 ) on Thursday March 24, 2011 @08:53AM (#35597276)
    The main problem here isn't that people aren't deleting their data, it's that phones don't come with block-level or at least filesystem-level encryption for all data by default. If you're marketing something to everyone, including the idiots, you should make it idiot-proof.
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      If you're marketing something to everyone, including the idiots, you should make it idiot-proof.

      If you make something idiot-proof, the world will make a better idiot.

  • How about a fairly accessible mandatory wipe option being required in new models? Might require SIM to be taken out first. Not too hard surely. Probably easier to do in Europe though ... cell phone companies would need pushing.

  • If your data is stored on chip or CDs, just nuke it. All it takes is a solid 10 seconds in the microwave ~ on high. Of course, I bare no responsibility for any toxic fumes that may be released. You've been warned.

  • The telcos like to lock down phones and cut out apps from the manufacturers

  • When you look at most phones (especially the pre-smart phone units), there are not easy ways to wipe it back to factory settings. There's no easy way to check if "wipe factory settings" really deleted the data or just removed pointers to the data. There is no sim to pull. And thus, there's no obvious way for the average consumer to dispose of their personal information other than to destroy the phone itself.

  • by Anonymous Coward

    I bought my latest (used) car just over a year ago. It has a bluetooth handsfree system built in.

    Imagine my surprise when I tried to call home one day to find that i was hearing a stranger's voice on the answering machine! Apparently the previous owner programmed her "Home" number into the car itself rather than accessing the address book from her device.

    I still have not figured out how to delete the entry!

    • RFTM seriously every car manual tells you the steps to do just that.

      This is slashdot you should know it anyways.

      It is also why i never program numbers into the car, I pick up the phone dial whom I want and let the handsfree take over.

    • So, did you ask her out?

  • C'mon, the answer is simply 'half of all phones are lost/found or stolen'. That's why the 'owners' don't care.

  • Why would you sell your SIM card? That's what the buyer needs to get from the carrier in order to activate the phone. If you sell your SIM card then it's not a case of data loss but an ignorant person.

  • I Have To Join In (Score:2, Insightful)

    by Anonymous Coward

    ...With the chorus of responses above. Every time I get a new phone I have to go through a goddamn voodoo ritual of clicking around on Google for a couple of hours trying to figure out where the phone manufacturer and/or the original carrier of the phone decided to hide, password protect, lock out, or otherwise attempt to obscure the method for doing a "master reset" or full wipe of the phone's data. I think in the USA this problem is compounded by the ubiquity of contract phones -- non-nerds can basically

  • Some manufacturers have some key combinations to erase the device. Sometimes the manuals actually the steps required.

    Not affiliated, but these guys have a db of the commands: []

Due to lack of disk space, this fortune database has been discontinued.