September 30th, 2008

44% of second hand mobile devices still contain sensitive data

Posted by Dancho Danchev @ 6:53 pm

Categories: Data theft, Mobile (In)Security, Passwords, Privacy, Research

Tags: Security, Blackberry, Cell phone, British Telecom, Corporate Espionage, Data loss, Dancho Danchev

According to a recent research conducted by BT, the Edith Cowan University, and the University of Glamorgan (Wales), 44% of the 160 second-hand devices that they tested, still contained sensitive data such as bank accounts, board meetings, business plans, and financial data. Using the data obtained, their analysis indicated a greater risk of espionage for the organizations the owner works for, than for the individuals themselves, once again proving that users don’t erase the data on their devices before selling them, thereby acting as the weakest link.

The potential for abuse in the form of corporate espionage, unethical competitive intelligence, business sabotage and blackmailing will naturally increase, following the high number of lost mobile devices with ever increasing capacity and the lack of basic security awareness on the user’s end.

“New research finds 44 per cent of second-hand devices still contain sensitive data Over a third of BlackBerry devices are sold without being wiped of sensitive personal and corporate data, according to new research released today by BT. The study of over 160 second-hand handheld devices found they still contained details of bank accounts, board meetings and financial data. Nearly a quarter of phones contained information which could allow the previous owner and employer to be identified, while 43 per cent of BlackBerrys contained information which could pose a significant risk to organisations if exposed.”

What type of data were the researchers able to access? Starting from salary details, financial company data, bank account details, sensitive business plans, and personal medical details, and going to bids and contracts under negotiations, uncomplimentary comments about employees, an extensive list of contacts and a complete log of phone calls and diary commitments, in between evidence of an ongoing affair between a man and a woman :

“According to Godfrey at Sims Lifecycle Services, a discarded, unwiped phone or PDA is “a perfect tool for social engineering, and it’s only going to get worse” as the storage capacity of mobile devices increases. He says: “The point of this work is really to bring that across to people the risks that mobile phones present to their personal data.” Of the devices in the survey, 7% had enough personal data on them for the individual concerned to have their identity stolen, and 7% would have allowed a corporate fraud to have taken place. Another 2% still had Sim cards in them, while 27% of the BlackBerrys in the survey had company data and 16% carried personal information.”

In case you wouldn’t feel that very comfortable being in the center of a corporate espionage scandal, or have your private life exposed to someone that could figure out a way to monetize your private life by blackmailing you - wipe your private data before selling your device.