Smartphones see use in more applications in the manufacturing automation environment these days, but as users upgrade their devices it is becoming apparent it is easy to pull important information off old phones, a new report said.
“I buy a lot of recycled phones and there is tons of data still on them,” said Lee Reiber, director of mobile forensics for AccessData, a digital forensics company. “I’d guess if you went and grabbed 10 phones [from recycling companies], 60 percent of those are going to contain data still.”
One of AccessData’s customers contacted the company saying he was interested one how much data remained on phones sold by used phone resellers and consumers.
The phones were the iPhone 3G, Sanyo 2300, HTC Wildfire, LG Optimus, and HTC Hero. Of those five, the iPhone and the old Sanyo did not undergo a reset and contained what Reiber called logical data — things like active account sign-ons, contacts, and calendar information easily usable by any person who turns on the phone.
Even though all of the Android phones went through a factory reset, four of the five phones also included information that would take someone with forensics tools and knowledge to extract from more hidden storage locations.
“All five of them had some way to identify at least the location where the device came from, whether that was the phone serial number and the old phone number,” he said. “Four of the five when we started looking at them further could actually identify a person or a location.”
Some of the details available within those four phones included user account information, Social Security numbers, geolocation tags for where the user had taken pictures using the phone, deleted text messages, and a resume.
Even the old Sanyo, a phone Reiber said most people wouldn’t think twice about containing too much sensitive information, had account log-in information for Yahoo that defaulted within the forms used to log into Yahoo as the former phone’s owner.
This is a perfect case scenario where someone was able to dig into a smartphone and possibly access sensitive corporate data. This shows the difficulty organizations face to ensure they completely destroy data on their smartphones, whether a consumer or company owns it.