Discarded Handhelds Reveal Secrets

Written by Adam Gosling

Thursday, 31 August 2006

A security vendor says it found banking details, corporate emails and all manner of private information on Smartphones and PDA's it bought on eBay. Like a personal computer, when you delete a file from a PDA or smartphone you aren't actually destroying the data just the index entry that tells the operating system where to find the data. So using the right software tools, it is possible to examine the storage on a handheld device to find information its owner thought was deleted and long gone. A test carried out by mobile security software provider Trust Digital involved buying used equipment off eBay and then setting the engineers to work at seeing what they could recover off the second hand device. It turns out they found plenty. Trust Digital was able to recover sensitive personal and/or corporate information off nine out of ten devices they tested. Banking records, old text messages, corporate emails and more all inadvertently left on the device. In all they recovered nearly 27,000 pages of data. The salvaged data included personal banking and tax information, corporate sales activity notes, corporate client records, product roadmaps, contact address books, phone and Web logs, calendar records, personal and business correspondence, computer passwords, user medication information, and other private, competitive or potentially damaging material. While Trust Digital doesn't name names, one of the devices it managed to retrieve deleted information from belonged to "a former employee of a publicly traded security software company". Another was sold by an employee of a web services firm, another by a corporate counsel of a multi-billion dollar technology company serving the legal market. The only device the researchers didn't get data from was one that had never been used. "Personal and corporate data is being sold on the open market through eBay, and it's also available to anyone who finds, steals or purchases a used smartphone or PDA from any other source," said Nick Magliato, CEO of Trust Digital. "The general public needs to immediately be made aware of this fact. Whether you're talking about pilfering an individual's private files or stealing corporate secrets, this adds up to a very real data theft epidemic," he continued. The company warns that users need to carry out a "hard wipe" which properly deletes all the data on their devices before they are sold. It also reminds users they should implement password protection on these types of devices to protect information in the case of theft. http://www.trustdigital.com. Related news items Palm Goes Consumer With Treo 500v -12/09/2007 First Windows 6 Palm In Australia -12/09/2007 Fujitsu Siemens To Give Up On PDAs -13/08/2007 Motorola Nudged Out Of Second Place -04/08/2007 Changing Fortunes For Smartphone Makers -03/07/2007 Newer news items IBM Laptop Explodes At LAX -17/09/2006 Dell, Apple Travel Restrictions Grow -15/09/2006 "Missed Call" SPAM Under ACMA Investigation -14/09/2006 Only 6,000? Panasonic Must Have Recall Envy -06/09/2006 Unprotected Phones Abandoned At Airports -03/09/2006 Older news items Apple Follows Dell To Replace Sony Batteries -24/08/2006 Naughty Dell Notebooks Powerless On Qantas -23/08/2006 Cell Phone Forces Pilot To Abort Flight -14/08/2006 Dell To Recall Exploding Batteries -14/08/2006 3 Teams With AppSense For More Affordable Security -09/08/2006 Tag This Now: