Mobile Security: Sell Used iPhones, BlackBerrys. Crush Used Android Devices.

According to a McAfee identity theft expert, you have nothing to fear from the sale of a “wiped” BlackBerry device or an Apple iPhone.  But, you might want to think twice about selling your Android device.  The same applies to Windows XP machines (but honestly, the use of drive encryption software like AlertBoot would easily fix any concerns related to “wiped data” on laptops running XP — or any other operating system, for that matter).

Not the Most Thorough Sampling in the World

relays a little survey carried out by Robert Siciliano, identity theft expert at McAfee.  Siciliano purchased 30 electronic devices from — where else? — Craigslist in order to see what type of personal data he could unearth from second-hand digital electronic devices.  It’s not what I would call a representative sample, especially seeing how he uses only the 30 to discuss five different “operating systems”: BlackBerry OS, iOS, Android OS, Windows 7, and Windows XP.  That’s six devices per OS.  (Plus, if your sample is from CL, chances are you’re sampling your neighborhood — your city at best.  No way your sample is representative of what’s going on in the US.)

But, long story short: from 15 devices he couldn’t get anything.  From the remaining 15, he:

was able to get bank account information, Social Security numbers, court documents, credit card account log-ins and a host of other personal data off those devices with not much effort.

And the worst part? Most of those devices had already been “wiped” by their previous owner — meaning all personal files had been deleted and the user had restored the device’s factory settings as per the manufacturer’s instructions.

It turns out that BlackBerrys (BB) and iPhones did an excellent job when it came to wiping data, as did Windows 7 laptops, whereas laptops running Windows XP and Android devices did not.

Of course, BB is celebrated for its implementation of data security.  Indeed, it’s one of the main reasons why it was the device of choice in corporate settings during the early 2000s.  As for iPhones and other iApple-thingamajingy’s, all of their devices come with hardware encryption built-in (AES-256).  Because the encryption is running full-time, “wiping data” is just a matter of losing the encryption key.

My understanding is that most, if not all, Android devices also come with hardware encryption, just like the iOS devices…but there are so many forks of the Android OS, I can see how certain manufacturers did not do their homework when it comes to securing their devices.  In fact, even as the US’s National Security Agency was releasing their specification sheets for a secure Android device, they were commenting that:

[the] NSA has some misgivings about Android at any rate because the intelligence agency discovered that the phone manufacturers of Android smartphones are themselves changing the Android OS so much, that “Android is not Android. It’s whatever the maker of the phone decides to put in.”

As for laptops and desktops, many people are confused about what it means to wipe data.  Some believe that formatting a hard drive will do the trick.  Nothing could be further from the truth.  The only way to “wipe” data saved to a computer’s disk is to write it over with other data, such as with a string of zeros.
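To make the format-versus-overwrite difference concrete, here is an added example (not from the survey or any vendor) that models a disk as a byte buffer and checks what survives each operation. The disk layout, file name and record are constructed for illustration, and "format" is modelled as a reset of the file table only.

```python
import re

SECTOR = 512
SSN = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")

def build_disk():
    """Constructed 8-sector image: sector 0 = toy file table, sector 1 = file data."""
    disk = bytearray(SECTOR * 8)
    # Table entry: 8-byte name, start sector, sector count (hypothetical layout).
    disk[0:16] = b"TAX.TXT\x00" + (1).to_bytes(4, "little") + (1).to_bytes(4, "little")
    record = b"name=Jane Doe;ssn=000-12-3456"  # constructed, not a real SSN
    disk[SECTOR:SECTOR + len(record)] = record
    return disk

def list_files(disk):
    """What the operating system shows: only what the file table points to."""
    name = bytes(disk[0:8]).rstrip(b"\x00")
    return [name.decode()] if name else []

def quick_format(disk):
    """Formatting as modelled here: reset the table, leave data sectors alone."""
    disk[0:SECTOR] = bytes(SECTOR)

def zero_wipe(disk):
    """Overwrite every sector, table and data alike, with zeros."""
    for offset in range(0, len(disk), SECTOR):
        disk[offset:offset + SECTOR] = bytes(SECTOR)

def residual_findings(disk):
    """Scan the raw bytes for SSN-shaped strings, ignoring the file table."""
    return [m.group().decode() for m in SSN.finditer(bytes(disk))]

def is_fully_zeroed(disk):
    """Verification step after a wipe: no non-zero byte may remain."""
    return not any(disk)

if __name__ == "__main__":
    disk = build_disk()
    quick_format(disk)
    print("after format:", list_files(disk), residual_findings(disk))
    zero_wipe(disk)
    print("after wipe:  ", list_files(disk), residual_findings(disk), is_fully_zeroed(disk))
```

After the format the file listing is empty but the raw scan still finds the record; only after the overwrite does the scan come back clean.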

An alternate data security option?  Do what Apple or BB does with their devices but for your laptop computers: use full disk encryption to protect the hard disk.
