Few things be more precious, intimate and personal than the information on your smart auditory sensation. It tracks your location and logs your calls. It’s your camera and your mobile banking device; in nearly cases it is a payment system in and of itself that knows what you bought and when and where and for how much. all(prenominal) of which explains why you wipe it before sending it off to a recycler or selling it on eBay, right? Problem is, yet if you do everything right, there can serene be slews of personal data left behind.
Simply restoring a ph 1 to its manufactory settings won’t completely clear it of data. Even if you expend the built-in tools to wipe it, when you go to sell your phone on Craigslist you may be selling all sorts of things along with it that are far more valuable — your name, birth date, Social protective cover number and home address, for example. You may inadvertently sell your aged(prenominal) photos, nudes and all. The bottom line is, the stuff you thought you had gotten rid of is still there, if someone knows how to look.
“There are always artifacts left behind,” explains lee Reiber, who runs mobile forensics for AccessData.
One of the deleted photos recovered from the SD card in the Motorola Droid.
We wanted to bump what kind of data was lurking on our devices, so we rounded up every old phone we could scrounge up from or so the office and asked the owners to wipe them. Our stash consisted of two iPhone 3G models, two Motorola Droids, an LG presume and an LG Optimus. (We had hoped for a BlackBerry, but nobody had one.) Then, we shipped the phones to Reiber, who examined them to see what he could make unnecessary from the phones’ memory. Reiber and AccessData use customized hardware and software to retrieve data. But it alike sells a rig that will let anyone do the same, and phone forensics are increasingly commonplace. Courts can certainly get the data from your phone, and with the right gear, bad guys can too. So what did we find? The results ranged from non much to quite a lot.
Take the two Motorola devices. Both were wiped, and neither had much to speak of stored in their built-in memory, just some application data with no personally identifiable fingerprints.
But one user left his micro SD card in the phone. Although the table of contents of the card were deleted, the card had not been formatted. This, apparently, meant the files were recoverable. And because Android cached application data to this SD card, Reiber could recover e-mail data as well — enough that we could positively identify the phone’s owner via his e-mail address. But the real treasure trove was the photos and documents. The photos still had metadata, including the dates, quantify and locations in which the photos were shot. And while the documents were benign, if the phone’s owner had stored small information on his phone — think a tax revenue return with a Social Security number, or a .pdf bank statement — we would have had that, too.
Materials taken from WIRED
0 comments:
Post a Comment