Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Privacy The Internet Hardware

Wealth of Personal Data Found On Used Electronics Purchased Online 70

An anonymous reader writes: After examining 122 used mobile devices, hard disk drives and solid state drives purchased online, Blancco Technology Group and Kroll Ontrack found 48% contained residual data. In addition, 35% of mobile devices contained emails, texts/SMS/IMs, and videos. From the article: "Upon closer examination, Blancco Technology Group and Kroll Ontrack discovered that a deletion attempt had been made on 57 percent of the mobile devices and 75 percent of the drives that contained residual data. Even more compelling was the discovery that those deletion attempts had been unsuccessful due to common, but unreliable methods used, leaving sensitive information exposed and potentially accessible to cyber criminals. The residual data left on two of the second-hand mobile devices were significant enough to discern the original users' identities. Whether it's a person's emails containing their contact information or media files involving a company's intellectual property, lingering data can have serious consequences."
This discussion has been archived. No new comments can be posted.

Wealth of Personal Data Found On Used Electronics Purchased Online

Comments Filter:
  • by ganjadude ( 952775 ) on Wednesday October 07, 2015 @06:18PM (#50682219) Homepage
    this is why when i sell my old electronics, the drive comes out
    • by Anonymous Coward

      This is why when I buy old electronics the hard drive comes out...

      and onto a usb-sata adapter to have a nose. If you think you're gonna find nudes you're right - I have so many dick pics it's crazy.

    • by Anonymous Coward

      I'm dying to know how you pull out the disk of your smartphone (without killing it, that is).

      • my smart phones become backups, then the backup gets trashed when the new backup comes. those devices I dont sell
    • by mlts ( 1038732 )

      I take an easier approach. If I'm selling something I'll replace the drive.

      However, for a machine I'm giving to a friend or family member, what I wind up doing is just a format command, then a pass with cipher /w (assuming Windows.) Since all my volumes are BitLocker protected, a format command overwrites the areas on the hard drive with the volume master key multiple times. Even with the right BitLocker password or recovery key protector, the data is gone, since the master key cannot be retrieved. The

      • However, for a machine I'm giving to a friend or family member, what I wind up doing is just a format command, then a pass with cipher /w (assuming Windows.) Since all my volumes are BitLocker protected, a format command overwrites the areas on the hard drive with the volume master key multiple times. Even with the right BitLocker password or recovery key protector, the data is gone, since the master key cannot be retrieved. The cipher /w just does a simple three pass (zeroes, ones, random numbers), which is good enough for almost anything.

        Why? What's the point? Self-entitled "nerds" here keep perpetuating the same old myths that you need to wipe and wipe and wipe and wipe a billion times for the data to be completely inaccessible and are just making themselves look just as ignorant as the people they berate themselves.There is plenty of research on this topic and I wish people would just finally learn something and stop spreading some god damn myths.

        The purpose of this paper was a categorical settlement to the controversy surrounding the mi

    • by antdude ( 79039 )

      How with mobile devices? What about warranties when the company want them back to RMA?

      • by tlhIngan ( 30335 )

        How with mobile devices? What about warranties when the company want them back to RMA?

        Don't mobile devices have a clear and delete everything that works?

        I know iOS does - since iOS 3. On iPhone 3GS and higher, what it does is it deletes the flash storage key and regenerates a new one (which is why the older ones needed a OS reload - it wiped the OS as well). On older iPhones, it physically erased the storage because the stores are unencrypted. Which is why on those phones it took hours to run, while on the

  • by turkeydance ( 1266624 ) on Wednesday October 07, 2015 @06:23PM (#50682263)
    a local University 'surplused' some used copiers, and found out the hard way that the hard-drives kept copies of all copies.
    • by PopeRatzo ( 965947 ) on Wednesday October 07, 2015 @06:58PM (#50682459) Journal

      a local University 'surplused' some used copiers, and found out the hard way that the hard-drives kept copies of all copies.

      They also found out that 27% of all copies made were of someone's ass.

    • by Anonymous Coward

      Photocopiers would have to be the worst offenders. Seriously, I'm no hacker, but most of time these things seem to keep a store of whatever has been printed, photocopied and scanned *visible* by default. A few clicks and you can find it and reprint it: no passwords, nothing. Maybe there's a setting to turn of this default stupidity, but usually these are work machines set up by a secretary or someone similar, so there's almost zero chance of the defaults being changed.

      Now I'm mildly paranoid so I manuall

  • by JustAnotherOldGuy ( 4145623 ) on Wednesday October 07, 2015 @06:26PM (#50682291)

    Really, does this surprise anybody?

    Headline should read, "Most People Too Stupid To Wipe Electronic Devices Before Selling Them", and it should be from the Really really shocking news dept"

    • by fightinfilipino ( 1449273 ) on Wednesday October 07, 2015 @06:30PM (#50682309) Homepage

      Really, does this surprise anybody?

      Headline should read, "Most People Too Stupid To Wipe Electronic Devices Before Selling Them", and it should be from the Really really shocking news dept"

      in those people's defense, it is difficult to completely wipe mobile devices. using the device's own wipe/format tools does not guarantee the device does not have residual data. it's easier to wipe a hard disk on a PC (using DBAN or similar), but mobile devices are not as easy to format and clean.

    • Really, does this surprise anybody?

      I'm not surprised in the least. It's hard for folks who barely know how to plug something in and turn it on to comprehend how dangerous the information on that hard drive really is, even if you have deleted all the files you think are important. How many people know (or would care if they did) how the file system on their laptop actually works, that deleted files are NOT gone yet, or that cluster tips and system save/restore and crash dumps can carry a wealth of information even if you have run a multi-pa

      • that deleted files are NOT gone yet, or that cluster tips and system save/restore and crash dumps can carry a wealth of information even if you have run a multi-pass overwrite program? Very few.

        And this is why when I'm decommissioning a PC, the hard drive is removed, taken to the range, and literally shot to pieces.
        If inclement weather doesn't permit the "range erase" option, a hammer and chisel plus a band-saw do a pretty good job.

        Either way, it's destroyed beyond any hope of recovery. I suspect even a highly-advanced alien race would be hard-pressed to reconstruct it far enough to get anything useful off of it.

        • You mean you don't take the time to dissemble the drive, remove the platters and dissolve the magnetic coating in acid? You poor soul.... Personally, I'm content to erase the drive by doing a low level format, but hey, I love to live dangerously given that this won't touch any "bad blocks" replaced by the drive controller....
          • You mean you don't take the time to dissemble the drive, remove the platters and dissolve the magnetic coating in acid?

            I used to scrape the magnetic coating off with my teeth but then knives and forks started sticking to my teeth. So embarrassing.

        • And this is why when I'm decommissioning a PC, the hard drive is removed, taken to the range, and literally shot to pieces.

          Heathen. You don't recover the fridge magnets?
    • And when they do "wipe" a device they still could leave thousands of emails behind. Some of them might even be classified.
    • Not really considering that this type of article comes out at least once a year.

    • by Lumpy ( 12016 )

      Actually "most people are too stupid" is a proper headline. and it's the truth. the average person is dumb as a box of rocks when it comes to ANY technology. and it's because they dont want to bother learning.

      Lazy is the new in thing.

    • Technically you fall in this "stupid" category, as just wiping alone is not sufficient to prevent recovery.
      • Technically you fall in this "stupid" category, as just wiping alone is not sufficient to prevent recovery.

        Not the way I wipe them. It involves a range and about 20 rounds of 5.56 ammo. And I provide a 100% guarantee that no data will be able to be recovered.

        • Headline should read, "Most People Too Stupid To Wipe Electronic Devices Before Selling Them", and it should be from the Really really shocking news dept"

          How does shooting "about 20 rounds of 5.56 ammo" relate to your comment about wiping a device? You are referring to physical destruction of media, whereas wiping is typically associated with the function literally using the word "wipe" in a mobile device recovery or OS, such as "wipe data" or "wipe cache". (Wipe-by-shooting-with-ammo is not an option.)

          • How does shooting "about 20 rounds of 5.56 ammo" relate to your comment about wiping a device? You are referring to physical destruction of media, whereas wiping is typically associated with the function literally using the word "wipe" in a mobile device recovery or OS, such as "wipe data" or "wipe cache". (Wipe-by-shooting-with-ammo is not an option.)

            Thanks, Mr Pedant!

            Look, you wipe your way, I'll wipe my way. And frankly, no one can dispute that when I'm done doing it my way, the data is indeed, "wiped out". :)

            • Sure, fine, we can agree to that.

              Your comment is not helpful though and is actually counter-productive. On face value, your comment is propagating the issue, making people feel sure that they are wiping* their device and they are fine.

              *With no other further action** as you later revealed.

              **Cited further action is not even valid when discussing selling a device.

              • Your comment is not helpful though and is actually counter-productive. On face value, your comment is propagating the issue, making people feel sure that they are wiping* their device and they are fine.

                Bullshit. Stop being such a pedant. My comment is not responsible for anyone doing or not doing anything.

                -

                **Cited further action is not even valid when discussing selling a device.

                It is if they're buying a box full of fractured metal and plastic debris that used to be a hard drive.

                Seriously, stop being such a fucking numpty. No one except the most quibbling of anal-retentive nitpickers could or would misunderstand my comment or take issue with it the way you have.

  • by Mike Grauer Jr ( 4287453 ) on Wednesday October 07, 2015 @06:46PM (#50682395)
    I work at a large thrift store and trust me. When the tech comes in it still in most cases has the donators stuff on it. From the hard drives we get to the routers and everything in-between.
  • I once bought a lot of used/returned MP3 players at auction. While I didn't get a wealth of personal data, I did get a wealth of "free" music. Based on value, I was actually paying for the music rather than the MP3 players.

    Retailers don't have the resources to wipe the memory on returned devices, they rely on the people who buy the resold devices to be scrupulous.

  • Residual data on two of 122 used mobile devices had residual data left... significant enough to discern the original users' identities.

    The humanity!!

  • by roc97007 ( 608802 ) on Wednesday October 07, 2015 @06:59PM (#50682463) Journal

    There was a time when my daughter was really into blackberrys, because you could text really fast on the keyboard. She discovered that a local electronic junk store had a stack of various models of blackberry for something like five bucks apiece, so she bought three of them, and would put her sim in different phones depending on whether she felt like carrying a 6000 series or a 7000 series or a Curve.

    Anyway, one thing she discovered is that none (0) of them had been wiped, and she had access to documents, baby photos and all kinds of stuff. Nothing pornographic, fortunately. At least, that she told me about.

    • by zazzel ( 98233 )

      I even received an unwiped "Warehouse Deals" phablet from an unnamed online vendor (potentially named after a large river), that had personal documents, holiday pictures AND pornographic videos on it. My girlfriend discovered the videos - fortunately right on the first day, while we were playing around with it. Said online vendor then immediately agreed to a further discount. Which was quite a good idea, since in my country, spreading unwanted pornographic material is illegal.

      And yes, I also know the previo

  • It wasn't and required another's account removed, all of this Mexicans information was displayed down to their credit card number, and other personal info; making sure we wanted this information removed.

    We did laugh at it later thinking of the problems this person would of had if we were that type.

  • AGAIN???!!! :/

    When will this news item stop being regurgitated. OF COURSE information will be found on discarded storage devices.
    We know, it's logical and expected, and we have been informed by jobless journalists a zillion times already.

  • Erasing isn't enough, you have to overwrite the file system with random data ..
  • My Samsung Galaxy S3 was an awesome phone, up until the moment it died without warning. It was simply sitting on my desk charging one moment, and then completely gone the next. Battery swap didn't fix it.

    I had insurance on the phone and ended up using it, but the phone was dead and there was no way to wipe it. I had to send back the dead one as-is in exchange for a replacement. What happened to that broken phone, I have no idea, but it would not surprise me if a pile of broken phones ended up being rep

  • Two years ago I bought a Certified Pre-Owned BMW from a dealer. It's basically a used car of a supposed "higher quality" from a dealer. Turned out that even though they do some sort of 5million point inspection, they forgot to clear the mp3 collection uploaded into the car's entertainment system, didn't clear the stored phonebook, nor the 10 recent phone numbers.

Machines that have broken down will work perfectly when the repairman arrives.

Working...