Wiping a Smartphone Still Leaves Data Behind 155
KindMind writes "To probably no one's surprise, wiping a smartphone by standard methods doesn't get all the data erased. From an article at Wired: 'Problem is, even if you do everything right, there can still be lots of personal data left behind. Simply restoring a phone to its factory settings won't completely clear it of data. Even if you use the built-in tools to wipe it, when you go to sell your phone on Craigslist you may be selling all sorts of things along with it that are far more valuable — your name, birth date, Social Security number and home address, for example. ... [On a wiped iPhone 3G, mobile forensics specialist Lee Reiber] found a large amount of deleted personal data that he recovered because it had not been overwritten. He was able to find hundreds of phone numbers from a contacts database. Worse, he found a list of nearly every Wi-Fi and cellular access point the phone had ever come across — 68,390 Wi-Fi points and 61,202 cell sites. (This was the same location data tracking that landed Apple in a privacy flap a few years ago, and caused it to change its collection methods.) Even if the phone had never connected to any of the Wi-Fi access points, iOS was still logging them, and Reiber was able to grab them and piece together a trail of where the phone had been turned on.'"
Social Security Number? (Score:1, Insightful)
Re:68,000 wifi points?? (Score:4, Insightful)
Even with the assumption that these are not unique access points ... that's still an insane number. If we change the time-frame to 2 years, roughly the average lifespan between upgrades, he's up to 95 WiFi points per day.
If the wifi points are non-unique, 100 wifi points per day would be downright easy to achieve. I probably pass far more than that on the way to and from work each day on the bus.
Remember, it's not "how many networks have you connected to" but "how many have come in range of your antenna."
Unique points would be a lot harder to hit, but as someone else points out, you could probably rack up access points very quickly in a metropolitan area.
So? (Score:4, Insightful)
This was to prove that selling your OLD PHONE can raise security issues
Re:doesn't sound like built in wipe was used (Score:2, Insightful)
You can forget it friend, any time you get an article involving the "big three", Apple, Google, or MSFT, the apologists brigade will be out in force. It doesn't matter what TFA says, it can show with hard data that Apple is lax on security, Google is going apeshit with datamining or windows 8 makes Vista look like a hit, doesn't matter, because for some damned reason these people treat the corps like ballclubs and will rush to their defense. I used to think it was some form of buyer's remorse, you know they paid too much money for their latest toy and are now rushing to defend it so they don't feel foolish? But I've seen the same behavior when the product is free so now I have NO idea why somebody who doesn't have stock would treat some megacorp like a ballclub.
As for TFA this is something I figured would be a problem once we switched to flash memory, with every die shrink the amount of cycles the flash memory can take before dying gets worse and these companies don't want to be getting a ton of "I wiped my phone and now half the storage is gone!" complaints and returns and of course even if you DID do a full wipe with the way wear leveling works by remapping and lying to the OS I don't know how trustworthy a wipe would really be except to keep Joe Clueless who buys the thing on eBay from getting the data.
So has anybody really done any extensive testing on how easy or hard it is to get a secure wipe with flash memory? I know that supposedly when a cell fails its stuck in a "read only" state and the drive just remaps to some of the spare cells so how hard would it be to get the data off those "dead" cells anyway? At the shop I have been avoiding SSDs simply because of how many failures my gamer customers have seen from the tech (kinda reminds me of the first years of HDDs and how often they went tits up back then) but it would be nice to know how well a wipe on flash memory would actually work.
Re:Email, of course (Score:4, Insightful)
In the 26 years I have had email and 12+ years I have had a smartphone I have never, EVER sent or received an email with my social security number in it.
This fear is a Capitol F in FUD.