Phones now form an integral part of our lives, and most of us will swap devices every no and then, we will swap devices. However, is our usual factory reset sufficient in ensuring our data is safe from prying eyes? Well, in the case of android, the answer is no.
According to the Avast researchers, Jaromir Horejsi and David Fiser, they have purchased 20 smartphones on eBay that had supposedly been wiped using Android’s factory reset, but they found that with digital forensics tools and a little effort, they could restore a lot of the previous owner’s data. In fact, not one of the phones were entirely clean. Here’s what they had to say:
Although at first glance the phones appeared thoroughly erased, we quickly retrieved a lot of private data. In most cases, we got to the low-level analysis, which helped us recover SMS and chat messages.
They had extracted 40,000 images, including over 750 partial or full nude images of women, and 250 nudes of men. In addition, 750 emails and texts, 250 contacts, the identity of four previous owners, as well as one completed loan application were retrieved.
In fact, Avast was able to log into an owner’s Facebook, and track his previous whereabouts using GPS coordinates.
For all of these, all they did was to use FTK imager, a digital forensics tool which can be downloaded free online, to extract the data. They also used the resources of the XDA developer forum, in which experts and programmers share their knowledge on mobile platforms. They also used Android’s own Android Debug Bridge as well as Android Backup Extractor, to make a backup all of a phone’s data to a computer without needing to unlock it, and then accessing the data.
Whilst degaussing data on a mobile device might be a challenge, but as a consolation, you still can make your data unreadable. You can do so by encrypting the device before performing the factory reset. Because, by resetting, it should delete the encryption key, and in theory, making any retained information inaccessible.
ISACA Student Group | NYP 