Data left on second-hand phones is ID theft danger

If you’re selling a phone (maybe Santa is bringing a new one?), make sure you clean it first. Here’s a link to Apple’s guidelines…:

One in five secondhand phones sold online contains highly sensitive data that could be used to identify and defraud the previous owner, experts warn.

Researchers at the University of Hertfordshire purchased 100 used phones of different types on eBay to find out whether they could extract identifiable data from previous owners.

Nineteen of the handsets contained data from previous owners, and 17 per cent had data that could be used to identify them, along with other potentially valuable fragments. The information included thousands of private emails, intimate photos, contact lists, text messages, tax documents, bank account details, web browsing histories and personal calendars.

One phone still contained a contact list with 30 entries, including the previous owner’s number, a recent calls list, 114 text messages and seven photo or video messages. Some of the messages were sexually explicit.

Another phone was still logged into the previous owner’s accounts on various social media services, including Facebook, Instagram and Skype. A third phone contained a P11D Expenses and Benefits form that listed an employer’s name, PAYE reference, payroll number, National Insurance Number and date of birth.

The researchers, who were commissioned by cyber security firm Comparitech, said that, in the wrong hands, the data found on these devices could be used for a range of crimes including identity theft, fraud, extortion, and targeted phishing. The data on the phones was disovered using publicly available tools that can be downloaded online.

The phones analysed covered a range of price brackets and operating systems, including Android, iOS, Blackberry and Windows models. Overall, only 52 of the devices had been reset to factory settings, the method of wiping data from a phone that is recommended by experts before disposal. The researchers were unable to retrieve data from these phones.

The team previously ran similar studies focusing on second hand memory devices, including USB drives and SD cards. Over half of those devices still contained remnant data from previous owners.

Get Safe Online, the government-backed online safety organisation, recommends that people enable encryption on Android devices before applying a factory reset, to prevent criminals accessing any residual files. Apple’s phones have encryption by default.

Original article here