‘Naked selfies’ can be retrieved from 'factory reset' devices

Security

by CBR Staff Writer| 14 July 2014

All files need to be overwritten and made irretrievable before reselling the device.

Using built-in 'factory reset' and 'delete-all' facilities on Google's Android powered smartphones is not enough to erase personal information, research has revealed.

A report from Czech Republic-based security firm Avast revealed that researchers were able to retrieve more than 40,000 pictures, including 'naked selfies' of female and even male anatomy from second-hand factory-wiped Android phones, which they purchased on eBay.

Despite consumers deleting their data, the Android vulnerability enabled Avast to even to extract emails, text messages and Google searches by making use of standard forensic security tools, which confirms that the factory reset function does not work, the report added.

Avast Mobile president Jude McColgan noted that deleting files from Android phones before selling them or giving them away is not enough.

"You need to overwrite your files, making them irretrievable," McColgan added.

In response to Avast's findings, Google told Ars Technica that the latest research looks to be based on old devices and versions (pre-Android 3.0) and does not reflect the security protections in Android versions that are used by the vast majority of users.

"If you sell or dispose of your device, we recommend you enable encryption on your device and apply a factory reset beforehand; this has been available on Android for over three years," Google added.

Warning consumers to be aware of such vulnerabilities, McColgan added that along with phones, consumers may not realise they are selling their memories and their identities.

"Images, emails, and other documents deleted from phones can be exploited for identity theft, blackmail, or for even stalking purposes," McColgan said.

"Selling your used phone is a good way to make a little extra money, but it's potentially a bad way to protect your privacy."

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

755 people like this.
0 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.