Tag Archives: factory reset

No Password Required! 135 Million Modems Open to Remote Factory Reset

More than 135 million modems around the world are vulnerable to a flaw that can be exploited remotely to knock them offline, cutting off Internet access.

The simple and easily exploitable vulnerability has been uncovered in one of the most popular and widely used cable modems, the Arris SURFboard SB6141, used in millions of US households.

Security researcher David Longenecker

Avast finds personal data on phones sold at pawn shops

Many people sell their used smartphones but fail to ensure their personal data is wiped away.

A year and a half ago, Avast mobile security researchers bought 20 used phones from online consumer-to-consumer sites, like eBay and Amazon, in the USA. Using easily available recovery software, they were able to access more than 40,000 personal photos, emails, and text messages.

Since then, smartphone technology has progressed and numerous educational articles have been published to inform people about cleaning their phones before selling, so we wanted to see what would happen if we did a similar experiment now. This time, our researchers bought phones from pawn shops: Five devices each in New York, Paris, Barcelona, and Berlin — and again, used widely available free recovery software to detect the data found on the devices.

Because all the phones in this experiment came from pawn shops, Avast researchers were able to consult with the shop owners prior to purchasing the phones. Each shop owner assured them that the phones had been factory reset and that all data from previous owners was wiped clean. Avast found otherwise. Twelve of the supposedly clean phones were not clean at all.

Avast retrieved more than 2,000 personal photos, emails, text messages, invoices, and one adult video from the phones that the prior owners assumed had been deleted. On two of the phones, the previous owners had forgotten to log out of their Gmail accounts, risking having the new owners read or send emails in their name.

Avast researchers were able to recover the following files from the 20 phones:

  • More than 1,200 photos
  • More than 200 photos with adult content
  • 149 photos of children
  • More than 300 emails and text messages
  • More than 260 Google searches, including 170 searches for adult content
  • Two previous owners’ identities
  • Three invoices
  • One working contract
  • One adult video

Why did these phones still have data on them?

Of the phones that were factory reset, 50 percent still contained personal data because the previous owner was running an outdated version of Android that had an improperly functioning factory reset feature. Some of the previous owners only deleted their files without doing a factory reset. However, deleting a file does not remove it completely; only the reference to the file is deleted. Other phone owners simply forgot to delete their data or do a factory reset. The possibility that some of these phones were lost and not wiped clean of data before they arrived at the pawn shop also exists.

Scenarios such as these highlight both the responsibility of shop owners to properly wipe and reset phones prior to sale, and the need for phone owners to use anti-theft software so they can remotely wipe the data if their phone is lost or stolen.

“New Android phones are pretty safe when it comes to the factory reset, but used phones with older Android versions that have a less thorough reset feature are still being sold,” said Gagan Singh, president of mobile at Avast Software.

How to make sure you don’t sell your identity along with your old phone

If you are selling a phone with an older version of Android (version 4.3 is the last one where factory reset did not work properly for some devices), then you cannot depend on the factory reset to ensure your personal data is wiped clean. Deleting files from your Android phone before selling it or giving it away is also not enough. You need to overwrite your files, making them irretrievable. To do so, install Avast Anti-Theft from the Google Play Store for free.

Your mobile device must be connected to your Avast account at https://my.avast.com. Linking your device to your Avast account also allows you to remotely wipe your phone in case it’s stolen or lost.

The final step is to wipe the phone clean, which will delete and overwrite all of your personal data.

Once the app is installed, turn on the WIPE command within the app.

  • Choose WIPE in the Send command column and click Send.
  • Confirm if you really want to delete all your data from the mobile phone.
  • To delete click Send, otherwise click Cancel. Your mobile will be rebooted.
  • The WIPE command will erase all data on your mobile and initiate a factory reset.

Avast at Mobile World Congress

Avast Mobile Security is at Mobile World Congress in Barcelona in Hall 8.1 (App Planet), Booth H65 this week, until February 25. Please stop by if you are around.

Millions of Android Phones Fail to Purge Data

That basically means that your login data, emails, contacts, SMS, images, and videos can be retrieved at least partially. Not even full-disk encryption is of much help here: the flawed Android factory reset leaves behind enough data for the key to be recovered.

The study unveils five critical failures:

  • “The lack of Android support for proper deletion of the data partition in v2.3.x devices
  • The incompleteness of upgrades pushed to flawed devices by vendors
  • The lack of driver support for proper deletion shipped by vendors in newer devices (e.g. on v4.[1,2,3])
  • The lack of Android support for proper deletion of the internal and external SD card in all OS versions
  • The fragility of full-disk encryption to mitigate those problems up to Android v4.4 (KitKat)”

The researchers examined 21 Android phones that used version 2.3.x to 4.3 of the OS and were sold by five different vendors. Apart from being able to recover said data, they could also recover Google authentication tokens: “We recovered Google tokens in all devices with flawed Factory Reset, and the master token 80 percent of the time. Tokens for other apps such as Facebook can be recovered similarly. We stress that we have never attempted to use those tokens to access anyone’s account.”

So what should you do if you want to sell your phone? The study recommends filling up the partition of interest with random-byte files to overwrite all unallocated space. For this to work, though, you would have to install the third-party app that fills the partition manually, because otherwise the Google credentials stored on the file system would not be erased.
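The fill-with-random-files approach the study recommends, sketched as an added example (not code from the study or from Avira). The function names and the `fill_N.bin` file naming are hypothetical, and it assumes a POSIX shell with `dd` and `/dev/urandom`, pointed at a directory on the partition to be overwritten; the demo at the end is capped so it is safe to run anywhere, while a cap of 0 keeps writing until the partition is full.

```shell
#!/bin/sh
# Added example: overwrite unallocated space by filling a partition with
# random-byte files, then releasing them. All names here are hypothetical.

# fill_with_random DIR CHUNK_KIB [MAX_CHUNKS]
# Writes CHUNK_KIB-sized files of random bytes into DIR until the filesystem
# is full or MAX_CHUNKS complete files exist (0 = no cap).
# Prints the number of complete files written.
fill_with_random() {
    dir=$1
    chunk_kib=$2
    max=${3:-0}
    n=0
    mkdir -p "$dir" || return 1
    while [ "$max" -eq 0 ] || [ "$n" -lt "$max" ]; do
        # dd exits non-zero when the filesystem is full. The partial file it
        # leaves behind is kept on purpose: it covers the last free blocks.
        if ! dd if=/dev/urandom of="$dir/fill_$n.bin" bs=1024 \
                count="$chunk_kib" 2>/dev/null; then
            break
        fi
        n=$((n + 1))
    done
    # Flush caches so the random data reaches storage before it is released.
    sync
    echo "$n"
}

# release_fill DIR
# Removes the fill files (including a trailing partial one) once the
# overwrite pass is done, giving the space back.
release_fill() {
    rm -f "$1"/fill_*.bin
    sync
}

# Constructed demo: capped at 4 x 64 KiB in a scratch directory.
scratch=$(mktemp -d)
written=$(fill_with_random "$scratch" 64 4)
echo "wrote $written fill files ($(du -sk "$scratch" | cut -f1) KiB)"
release_fill "$scratch"
rmdir "$scratch"
```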

Take a look at the study to find out more.

The post Millions of Android Phones Fail to Purge Data appeared first on Avira Blog.