In the digital world, “delete” never means what it says. A Czech Republic-based security firm, Avast, said they were used security software to extract thousands of images, including “naked selfies,” from used Android phones that were supposedly wiped clean before resale.
The firm bought 20 phones on eBay and then used their security tools to access more than 40,000 photos, 750 of which were photos of women “in various stages of undress” and another 250 photos that showed male anatomy.
It wasn’t just images that Avast technicians were able to find. They also found emails, text messages and Google searches.
Typically, smartphones come with a “factory reset” option that allows devices to be wiped clean and restored to their original state.
But it looks like older smartphones only erase the indexing of the data and not the data itself.
“Deleting files from your Android phone before selling it or giving it away is not enough. You need to overwrite your files, making them irretrievable,” Avast wrote in a blog.
Phones running software prior to Android 4.0 are particularly vulnerable, but newer devices are not completely secure because the file encryption is optional.
Apple iPhones starting with the 3GS and iPads automatically encrypt data and so factory resets eliminate all data.
Independent computer security analyst Graham Cluley told the BBC that users should make sure their devices are always “protected with a PIN or passphrase, and that the data on it is encrypted.”
But lan Calder, founder of cybersecurity and risk management firm IT Governance, said users should take it one step forward.
“If you don’t want your data recovered, destroy the phone — and that has been standard security advice, in relation to telephones and computer drives, for a number of years. Any other ‘solution’ simply postpones the point at which someone is able to access your confidential data.”
Credit: Robert Recker/Corbis