Privacy at risk: Testing wiped smartphones for data
Ross McLaughlin and Sandra Hermiston, CTV Vancouver
Published Monday, May 1, 2017 6:00AM PDT
Last Updated Monday, May 1, 2017 2:33PM PDT
Millions of smartphones are traded in, sold or recycled each year. So how can you ensure none of your personal data is left on those discarded phones? If you think you’ve wiped your data clean by simply resetting the phone, think again.
The McLaughlin On Your Side team got our hands on a dozen old Android, BlackBerry and iPhone smartphones. Two were purchased from a used cellphone store, one was bought off Craigslist, and the rest were old phones that had been used by Ross McLaughlin and other CTV staff.
We then took them to the security experts at Fortinet who put them to the test.
“When you do a reset the operating system just unlinks data, it’s not physically wiping out all of the data,” explained Derek Manky, Fortinet global security strategist.
That means old photos, documents and personal information that may have been erased could be easily recovered.
And sure enough, using a free app to recover data, the Fortinet team was able to find old photos and personal data on one of the old Android phones, belonging to Ross.
"They're never truly deleted off of the drive," explained Manky.
We wiped the phone again with the factory reset options. And again, the free file recovery app was able to reconstruct the data, finding an old TV script from December 2011 among the files.
So what's the problem?
Turns out the phone had not been encrypted, and Manky says older phones are vulnerable. With older versions of the Android operating system, like versions 4 and 5, you need to encrypt the phone manually.
To do that you need to go to the security settings and scroll down to encryption. Choose the SD card plus the internal phone storage and lock it down with a PIN.
The Fortinet team wasn’t able to find anything on the old iPhones because data stored on iPhones is encrypted by default.
And the phones from the resellers were clean too. However, finding data on old phones like McLaughlin’s Android is not uncommon.
“People have a false sense of security way too often I find,” said Manky.
Newer Android phones now have mandatory encryption, but you always need to make sure you lock the phone down with a secure PIN or password.
The security experts also say Android phones tend to be more vulnerable to malware, with about one in five being affected. That’s because Android phones dominate the global market and hackers tend to write malware programs that target those systems. Be careful about downloading third-party apps and loading unfamiliar websites. You might even want to consider running anti-virus software on your phone.