kpix-7-2013-masthead kcbs 7-2013-masthead

ConsumerWatch: Used Smartphones Retain Loads Of Personal Data

View Comments
iPhone

(Photo by KIM JAE-HWAN/AFP/Getty Images)

(CBS 5) – Smartphones, as sophisticated as any laptop or desktop computer, are also just as thorough in retaining all sorts of personal information that can be mined by others who buy a used phone.

We are entering all kinds of extremely sensitive data on these hand held devices which can present security risks.

McAfee security expert Robert Siciliano of Boston tested the amount of personal information left on smartphones people thought they had stripped before putting them up for sale.

“What we found was surprising. People left their entire digital lives on mobile phones,” he explained.

All the big brands were tested, including Blackberries, iPhones, and Androids.

On eBay and Craigslist, he bought 30 used devices. “We found Social Security Numbers, user names, passwords, bank account information, credit card numbers, and lots and lots of porn. We found all kinds of files that would allow us to either take over an existing account, or open up a new account in that person’s name to steal their identity,” said Siciliano.

All of this was accomplished using relatively routine software anyone could obtain online. “Similar for anybody that has the skills to use Microsoft office products,” according to Siciliano.

Most consumers know to remove the SIM card and the SD card when retiring a phone. Although those moves are critical, they are not enough.

The phone manufacturers will also tell you to go to your “Settings” and restore “Factory” settings. But even that yielded mixed results for Siciliano. “While Blackberry did a fantastic job, so did the iPhone. Android didn’t. We found a ton of information on Android phones,” said Siciliano.

In the past, Siciliano has sold his old devices, but that won’t happen again. “I will destroy that device before I give my identity away for $50.”

(Copyright 2012 by CBS San Francisco. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)

View Comments
blog comments powered by Disqus
Follow

Get every new post delivered to your Inbox.

Join 53,826 other followers