Buying and selling things online are just two of the many activities Internet users are fond of. Some shop for clothes, bags, shoes, jewelry, and books; others shop for electronics big and small, from mint-condition to used, such as laptops, tablets, and mobile phones.
Among these, the greater privacy risk obviously falls on handheld devices. In fact, a recent study shows that some second-hand devices being sold on eBay, Amazon, and Gazelle.com contain residual data (emails, text and instant messages, call logs, and photos) from their previous owners.
Blancco Technology Group and Kroll Ontrack, a known mobile diagnostics provider and risk consulting firm, respectively, are behind this study, and they recently released their results in a whitepaper entitled “Privacy for Sale”.
Interested readers of this blog can download the paper from their website; however, they are required to register with their email address, name, and country.
Permanent file deletion has been a recurring topic among electronics aficionados. Believe it or not, attempts at deleting files using common methods may sometimes be unsuccessful.
So in the spirit of National Cybersecurity Awareness Month, we have focused on how users can properly remove personal files from mobile devices.
We consulted with one of our experts on mobile security, Senior Malware Intelligence Analyst Armando Orozco, regarding this matter.
When attempting to ‘wipe’ a mobile device, Orozco advised that users may want to take an approach similar to the one they would take with a PC. This means that they should not just delete the data but also try to scramble and overwrite as much of it as possible. He gives our readers these steps to follow:
1. Backup. Users may first want to back up all the data they want to save from that device. One can use cloud backup software, a PC, or one or more external drives if necessary.
2. Encrypt. If user data is not encrypted and the device has that option available, encrypt all data on the device. Encrypting helps scramble the data as it is stored on the device, making it difficult to recover.
3. Reset. Do an initial factory reset of the device using the built-in tool made available by the OS.
4. Fake. Simply deleting the data doesn’t make it disappear. It still resides on the drive/disk/chip, and zeroing out the device isn’t practical in most cases. Users may want to create some fake data that will help overwrite some of the existing data, making it harder for anyone to stitch old data together. After resetting the device, create some fake data like contacts, unrecognizable pictures (with geolocation turned off), and a video or two. Do not sign in to any accounts, set up Wi-Fi, or create any other identifying data.
5. Reset. Do a second factory reset of the device.
6. Repeat. Do steps 3, 4, and 5 again, if needed (or if the user is extra paranoid).
7. Remember. Don’t forget to remove the SIM and any external memory cards from the device.
It’s a bit of an involved process to help secure and remove one’s data, but it’s time well spent.
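For the "Fake" step, the filler data can also be generated on a PC and copied to the freshly reset device. The script below is an added example, not part of Orozco's advice; it assumes the files are transferred over USB and the contacts imported from the `.vcf` file, and every name and number in it is constructed.

```python
import os
import secrets
import struct
import zlib

FIRST = ["Alex", "Sam", "Jo", "Kim", "Lee"]   # constructed sample names
LAST = ["Doe", "Roe", "Poe", "Moe", "Low"]

def png_chunk(kind: bytes, data: bytes) -> bytes:
    """One PNG chunk: length, type, data, CRC32 over type+data."""
    return (struct.pack(">I", len(data)) + kind + data
            + struct.pack(">I", zlib.crc32(kind + data)))

def noise_png(width: int = 256, height: int = 256) -> bytes:
    """RGB image of random pixels. Only IHDR/IDAT/IEND are written,
    so the file carries no EXIF, GPS or timestamp metadata."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    # Each scanline starts with filter byte 0, followed by random RGB bytes.
    rows = b"".join(b"\x00" + os.urandom(width * 3) for _ in range(height))
    return (b"\x89PNG\r\n\x1a\n" + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", zlib.compress(rows)) + png_chunk(b"IEND", b""))

def fake_vcards(count: int) -> str:
    """vCard 3.0 entries with made-up names and 555-01xx fictional numbers."""
    cards = []
    for _ in range(count):
        first, last = secrets.choice(FIRST), secrets.choice(LAST)
        phone = f"555-01{secrets.randbelow(100):02d}"
        cards.append("BEGIN:VCARD\r\nVERSION:3.0\r\n"
                     f"N:{last};{first};;;\r\nFN:{first} {last}\r\n"
                     f"TEL:{phone}\r\nEND:VCARD\r\n")
    return "".join(cards)

def build_filler(out_dir: str, n_images: int = 20, n_contacts: int = 50) -> int:
    """Write noise images and a contacts file; return total bytes written."""
    os.makedirs(out_dir, exist_ok=True)
    total = 0
    for i in range(n_images):
        data = noise_png()
        with open(os.path.join(out_dir, f"filler_{i:03d}.png"), "wb") as fh:
            total += fh.write(data)
    with open(os.path.join(out_dir, "contacts.vcf"), "wb") as fh:
        total += fh.write(fake_vcards(n_contacts).encode("ascii"))
    return total

if __name__ == "__main__":
    print(build_filler("filler_out"), "bytes of filler written")
```

Raise `n_images` to produce more filler; random pixels do not compress, so each file occupies roughly its full size on the device.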