Tag Archives: Data

How to thoroughly wipe your phone before selling it

Make sure your Android phone is wiped clean before you sell it.

Every day, tens of thousands of people sell or give away their old mobile phones. We decided to buy some of these used phones to test whether they had been wiped clean of their data. What we found was astonishing: 40,000 photos including 750 photos of partially nude women and more than 250 male nude selfies, 750 emails and texts, 250 names and addresses, a collection of anime porn, a complete loan application, and the identity of four of the previous phone owners.

How did we recover so much personal data?

The problem is that people thought they deleted files but the standard features that came with their operating system did not do the job completely. The operating system deleted the corresponding pointers in the file table and marked the space occupied by the file as free. But in reality, the file still existed and remained on the drive.

With regular use of the device, eventually new data would overwrite the old data but since the person was selling the phone, that never happened and the files were still intact.

It works the same way on your PC. I used free software to recover deleted photos that I thought were missing forever because they had not been overwritten yet.

You can permanently delete data with Avast Anti-Theft

Avast’s free app for Android, Avast Anti-Theft, actually deletes and overwrites all of your personal files. All you do is follow these steps to delete personal data from your smartphone before you sell it or give it away.

1. Install Avast Anti-Theft on your Android device. The app is free from the Google Play Store.
2. Configure Avast Anti-Theft to work with your My Avast account. This gives you remote access to your phone through your PC.
3. Turn on the thorough wipe feature within the app.
4. Log in to your My Avast account from a PC to wipe your phone. This will delete and overwrite all of your personal data.

Follow Avast on FacebookTwitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

What data do you protect on your phone?

With over 100 million installs of AVG AntiVirus for Android, we help a huge number of people protect their devices and their data. One of the popular tools in our app is the “App Locker”.

By analyzing a sample of anonymized user data, we’ve learned which information users want to protect the most and have discovered how app updates actually make us more aware of our privacy than before.

 

Messaging Apps come out on top

When it comes to data that people want to keep private, nothing beats personal messages. Four of the top five most locked apps were messaging apps with WhatsApp the most popular.

Top 5

 

Personal data

As one might expect, after messaging apps, social networking and photo apps were the next most locked. People have a clear understanding that they want to keep their personal life private and take steps to the data stored within these apps

App Categories

 

The Privacy Window

Once installed, it’s easy to forget how an app may have access to sensitive data or personal files. We’ve seen that one thing that causes us to remember these permissions are updates. We understood this to mean that there is privacy window in which we all think about apps and their permissions.

Our apps allow us to turn our smartphones into incredibly powerful devices that do everything for us. In return though, we give apps, and their developers access to our data and our lives. To use Instagram, for example, we must first allow it access to our pictures.

This means that each app carefully creates a unique and personal experience for each user, they also become private things that perhaps we don’t want to share.

That’s the idea behind the App Locker feature in AVG AntiVirus for Android. Available as part of the PRO product, App Locker is designed to help you decide what you would like to keep private and password protected.

It could be your messages or even, an app that you don’t want your child to use when they have your device, it’s entirely up to you.

Download AVG AntiVirus for Android today.

Office of Personal Management Hacked – US Government Downplays the Event

The second admission followed a week later. The Office of Personel Management (OPM) announced that on June 4, a hack attack had succeeded on governmental staff – four million people affected. It now appears that an additional 18 million records were stolen. The government, communicated this as two separate events in an apparent attempt to downplay the scale.

So what happened in the alleged second hack? That 18 million Social Security numbers have been compromised, is a “preliminary, unverified, approximate” according to a letter from the Director of OPM, Katherine Archuleta. The number — 18 million – affects people working for a federal agency or who applied for funding. The data, according to US government circles, may be in the hands of spies from the People’s Republic of China. This has been flatly denied by Chinese officials.

Mrs. Archuleta was called to testify before a Congressional committee: Encryptions are not always possible due to the age of facilities. She argued, however, that even encryption would have not sufficed, because the hackers would then have copied keys and passwords.

An article from the Wall Street Journal mentions that the government described the attack as happening in two waves in orde rto downlplay the severity. In addition, the OPM had denied the disclosure of sensitive information twice, even though the FBI had informed the OPM on June 5 about the attack…

The post Office of Personal Management Hacked – US Government Downplays the Event appeared first on Avira Blog.

OPM: Are Personnel Records of All Fed Workers Exposed?

Two weeks ago OPM, the US Office of Personnel Management got hacked and the information of 4 million federal government workers was exposed. This is of course, horrible. But it’s not all: On Friday we learned that the issue at hand was huge and much bigger than everyone believed at first.

As can be read in a letter to OPM Director Karen Archuletta, David Cox, the president of the  American Federation of Government Employees, believes that “based on the sketchy information OPM has provided, the Central Personnel Data Files was the targeted database, and the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees.”

Cox goes on and says that the thinks the hackers have the Social Security number, military records and even veterans status’ information of every affected person. Addresses, birth dates, job and pay histories, health and life insurances and pension information, age, gender, and almost everything else you’d never want anyone else to know are included on his list as well.

Sounds bad? It’s not all. The letter states: “Worst, we believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous.”

I bet they now wish that “only” 4 million records got stolen … :(

The post OPM: Are Personnel Records of All Fed Workers Exposed? appeared first on Avira Blog.

Avast Data Drives New Analytics Engine

Did you know that Californians are obsessed with Selfie Sticks from Amazon.com? Or that people in Maine buy lots of coconut oil?

Thanks to Jumpshot, a marketing analytics company, you can find this information – as well as more useful information – by using the tools available at Jumpshot.com.

What may be most interesting to you is that Jumpshot is using Avast data to drive these unique insights. We provide Jumpshot with anonymized and aggregated data that we collect from scanning the 150 billion URLs our users visit each month. Using Jumpshot’s patent-pending algorithm, all of the personally identifiable information is removed from the data before it leaves Avast servers. Nothing can be used to identify or target individuals. Avast COO Ondřej Vlček explains the data stripping algorithm in an Avast forum topic.

Jumpshot infographic showing Amazon.com shopping cart values and the most popular products by state. Anonymized Avast browser data was used to create this information. Click here to see the full infographic.

Jumpshot infographic showing Amazon.com shopping cart values by state. Anonymized and aggregated Avast browser data was used to create this information. Click here to see the full infographic.

Data security, of course, is very important to us. We go to great lengths to keep our users safe, and have never shared any data that can be used to identify them. We never have and never will.

We are aware that some users don’t want any data – no matter how generic and depersonalized it is – to be used in market analysis. This is why we clearly state during the installation of our products what information we collect and what we do with it, and offer our users the ability to opt out from having that data collected. We believe we are unique in our industry in offering an opt-out, but we do so because we respect that choice to be our users to make, not ours. We’re grateful that more than 100 million of our users, when given a clear choice, have chosen not to opt out, and we thank you.

The foundation of our business is trust, and trust only exists with honesty.

We have always strived to have an honest relationship with our users, and we will continue to do so. Currently we do not make any money from this relationship but it is an experiment as to whether we can fund our security products indirectly instead of nagging our users to upgrade. As most people are aware, most all products we use every day—Chrome, Facebook, Firefox, WhatsApp, Gmail, etc.—are indirectly funded by advertisements. In most cases though, the products directly examine what users are doing and provide them targeted advertisements. Although we suspect some security companies are doing this, we do not believe it is the proper approach. Instead, we think that this anonymized, aggregated approach is much better to maintain the trust relationship that we think is so important between us and you, our loyal users.

As always, thank you for your support and patronage. Together we continue to make the Internet a safer place for all of us.

Millions of Android Phones Fail to Purge Data

That basically means that your login data, mails, contacts, SMS, images, and videos can be retrieved at least partially. Not even a Full-disk encryption is of much help here: The flawed Android factory reset leaves behind enough data for the key to be recovered.

The study unveils five critical failures:

  • “The lack of Android support for proper deletion of the data partition in v2.3.x devices
  • The incompleteness of upgrades pushed to flawed devices by vendors
  • The lack of driver support for proper deletion shipped by vendors in newer devices (e.g. on v4.[1,2,3])
  • The lack of Android support for proper deletion of the internal and external SD card in all OS versions
  • The fragility of full-disk encryption to mitigate those problems up to Android v4.4 (KitKat)”

The researcher examined 21 Android phones that used version 2.3.x to 4.3 of the OS and were sold by five different vendors. Apart from being able to recover said data, they could also recover Google authentication tokens: “We recovered Google tokens in all devices with flawed Factory Reset, and the master token 80 percent of the time. Tokens for other apps such as Facebook can be recovered similarly. We stress that we have never attempted to use those tokens to access anyone’s account.”

So what to do if you want to sell your mobile? The study recommends filling up the partition of interest with random-byte files, to overwrite all unallocated space. In order for this to work you would have to install the third-party app that would fill the partition manually though because otherwise the Google credentials stored on the file system would not be erased.

Take a look at the study to find out more.

The post Millions of Android Phones Fail to Purge Data appeared first on Avira Blog.

Wise up and get smarter with your data

Most of us can agree that we don’t want our personal data falling into other people’s hands. This may seem like an obvious concept, but with the amount of data we regularly share online, it’s not such an uncommon occurrence that our information is wrongfully passed onto others. In this clever video published by Facebook Security, we learn how to nip scams in the bud and prevent others from tricking us into sharing personal information.

// <![CDATA[
(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = “//connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.3”; fjs.parentNode.insertBefore(js, fjs);}(document, ‘script’, ‘facebook-jssdk’));
// ]]>

Ever had someone approach you online saying they are a foreign prince and asking for your personal information? Watch…

Posted by Facebook Security on Monday, May 18, 2015

In order to keep your personal data secure, make sure to practice the following:

  • Shred all personal documents before throwing them away. This is especially important when dealing with bank statements and bills.
  • Be mindful of what you post on social media and other online forums.
  • Choose your passwords carefully. Keep them diverse and don’t use the same password for each of your accounts.
  • Use security software on all of your devices and make sure that it’s up to date.

How to spot a hacker before it’s too late? As the video’s narrator warns, “Beware of anyone requesting your personal data or money, whether over the phone, via email or online. They may pretend to be a romantic interest, a family member in trouble, or even a foreign prince – odds are, they’re not.”

 

Your SMB’s Biggest Security Threat Could be Sitting in Your Office

This article is a re-print from the April 1, 2015 edition of Silicon India.

Educate your employees about data security.

Careless employees, not hackers, are the biggest threat to your company’s data security.

Security threats are evolving quickly, making it difficult to pinpoint just one threat that is currently affecting small and mid-size businesses.

From the threats we have observed in the past and the ones we anticipate for the future, we have learned that while malware can be damaging to businesses, so can human decisions. This makes it vital for small and mid-size business owners to discuss possible threats with their employees and share basic IT guidelines with them, but more importantly, to implement a strong security solution that holds up dangers before they become a real threat.

Taking Advantage of Human Nature: Social Engineering

Hackers understand that it is human nature to make mistakes, which is why they often turn to social engineering. Social engineering is a tactic that tricks people into revealing their personal information, like log in details, or into performing actions, like downloading malware disguised as an attachment or link.

Phishing emails are a popular form of social engineering that can easily sneak their way into your employees’ inboxes, disguising themselves as yet another offer, promotion, or even customer, if you do not have anti-phishing protection. Phishing campaigns come in many forms; they can either use scare tactics to make people believe they are in trouble or that they have won a prize.

In the last few months we have seen Trojans like Pony Stealer and Tinba make their rounds. Both Pony Stealer and Tinba attempted to convince people they owed money and to download an invoice, which was of course not an actual invoice, but a Trojan.

Falling for phishing scams can have devastating effects on businesses; they could not only steal personal information, but also attack Point of Sale (PoS) systems to steal customers’ financial information, thus not only affecting the business itself, but its clients as well.

Lack of security awareness: Beneficial for hackers, bad for your business

Not taking proper security precautions, like choosing weak passwords or ignoring security updates, is another human flaw cybercriminals like to abuse to access accounts and networks. To gain control of a system, hackers can enter common or weak passwords or simply look up hardware’s default administrative log in credentials.

Neglecting to update software is another gateway for hackers, leaving vulnerabilities and loopholes wide open for them to take advantage of. Similarly, connecting to public and open Wi-Fi connections while on a business trip is like sending hackers a personal invitation to snoop around your business.

India’s SMBs are getting technology ready – hackers are getting ready, too

According to Indian consulting firm, Zinnov, 20% of India’s 50 million small and mid-size businesses are technology ready. Cybercriminals will take note of this and are probably preparing plans at this very moment, which is exactly what you should do, too.

Set up basic security guidelines for your employees, teach them about possible threats and make sure they understand how imperative their role plays in securing your business. For example, your employees should be encouraged to choose strong passwords for their devices and accounts, to keep their software updated – if that’s not what you manage centrally – and to use a VPN when connecting to unsecure wireless networks.

You cannot, of course, rely solely on your employees to protect your business – humans innately make mistakes. To protect your business and to provide your employees with a safety net, you need to have a proper business security solution. Small to mid-size businesses should look for security solutions that include anti-phishing, firewall to control network traffic, and server-side protection. If employees are required to travel frequently, it also makes sense to implement a VPN solution on their laptop, smartphone, and tablet. If connecting to open Wi-Fi at an airport, hotel or café, a VPN can be used to encrypt valuable business data and protect it from hackers.

As humans do make mistakes, you cannot rely on your employees to implement and manage the security solution themselves. It is recommendable to choose a solution that empowers you to remotely manage the security on your employees’ computers.

Whether your business is a two-man show, or an army of 2,000, awareness, paired with the right security technology are essential.

Top Threats to Business Data in 2015

Around 1,000 delegates at the NexGen Cloud Conference in San Diego last week heard Tony Anscombe give some valuable insight into the partner opportunity for the Internet of Things.  The good news for our service provider partners is the opportunity is huge. Our recent Monetization of IoT study shows that around three fifths (62 percent) of small businesses has budget specifically assigned over the next 12 months for the development of IoT solutions.

On this evidence 2015 is shaping up to be an important year for IoT investment.  Engaging with IT providers on NextGen Cloud matters is just one component of what’s to come. The other part concerns the immediate future for their small business customers and the ever changing threat landscape.

With that in mind, here are my top threats to watch for in 2015:-

More ransomware

The latter part of 2013 was notable for a spate of ransomware attacks on small businesses. This has continued in 2014 and we are likely to see more instances in 2015. Ransomware, like the infamous CryptoLocker, encrypts or locks personal files on your machine and extorts a ransom to recover them.  To avoid falling victim, businesses should use reputable antivirus software, avoid risky downloads, educate staff and keep security software/operating systems regularly patched and updated.

 

Advanced Persistent Threats (APTs)

Cybercriminals are increasingly focusing their attacks on small businesses.  APTs are a relatively new class of malware developed by cybercriminals to steal passwords, logins and customer data.  They are purposely designed to gain a foothold in the business and remain there undetected for a prolonged period of time.  To counter this businesses require an equally sophisticated approach to defense that includes protection from risks in mobile communications and Cloud services as well as traditional networks.

 

Password-related breaches

As Cloud services and the Internet of Things become part of everyday business life password management is going to become a hot issue.  We saw a good example of this in the news last month where streaming images from thousands webcams and CCTVs around the world ended up on a Russian website simply because they had default passwords or no log-in codes at all.   Many of the images were taken from business CCTV equipment.  Until companies learn to manage their passwords efficiently we can expect to see a lot more of this kind of incidents.

 

Mobile threats

Not so long ago it was probably quite natural for your Apple®-loving colleagues to congratulate themselves for using the relatively threat-free Macintosh platform. But the tide is turning.  The prevalence of iPad® and iPhone® mobile devices in the office has turned the Apple operating system into a prime target. Last month we saw reports of a new combination of malware that infects Apple’s OS®X and iOS® mobile devices called the OSX/WireLurker Trojan.  Android™ too is subject to attack. You may have seen recent news reports about a new variant of Android malware called NotCompatible that uses spam email blasts and compromised websites to infiltrate secure company networks.

 

In summary, the outlook for business security threats is one of increasing diversity.  At the same time more IoT devices and Cloud services are coming on stream. Our study strongly indicates that small businesses are ready to spend on ways to simplify how things are kept up to date, secure and monitored in 2015.

iPhone®, iPad® and Apple® are trademarks of Apple Inc., registered in the United States and other countries.
Android™ is a trademark of Google Inc.