AfterDawn: News

Avast: Android's built-in factory reset option will not wipe your phone properly

Avast, the makers of security products for mobile and desktop devices, are claiming that Android's built-in factory reset option does a poor job of really deleting your personal information.

Potentially hundreds of millions of Android users have used the option to wipe their phone before selling it, donating it, or trading it in for a new upgrade, which leaves a scary amount of data out there.



The security firm purchased 20 used Android smartphones from eBay and was able to recover 40,000 photos (including 250 nude selfies of men and 750 of nude or partially nude women), 750 emails and texts, 250 contacts and even the identities of four of the owners.

Avast mobile division president Jude McColgan says the resets are only "at the application layer" while "users thought they were doing a clean wipe and factory reinstall" that should have removed all of their data from the disks. The company used easily accessible forensic tools and drive imaging programs like FTK Imager to recover the data.

In their report, the company added: "Although at first glance the phones appeared thoroughly erased, we quickly retrieved a lot of private data. In most cases, we got to the low-level analysis, which helped us recover SMS and chat messages." Of course, there are not too many people out there that would know to use drive imaging programs to recover wiped data from a phone they bought on eBay, but the implications are terrifying for those that do. Avast does recommend their own Mobile Security application with Anti-Theft app (for free) for those that want a more secure erase.

Source:
Avast

Written by: Andre Yoskowitz @ 9 Jul 2014 20:04

• Previous article

• Microsoft Kinect for Windows v2 goes up for pre-order at $199, ships 7/15

• Next article

• Dish Network: Say no! to the proposed Comcast-Time Warner Cable deal

• 3 comments

• Mez

  What a surprise!!!
  
  Security community has made a formal warning to the US FTC about how sloppy IoT security and testing is. They warned there is no formal testing for most smart devices and even less security. They claimed that they were an extreme danger to the world, and especially for the users. They were very alarmed that medical devices that if they malfunction can kill the user don't receive anymore testing than a security camera. They also warned users will not have a choice to buy a dumb device. Large screen TVs are already there. The security expert wanted a dumb vary large screen TV because of the extreme security risk of buying a smart TV. There were none available in the screen size she wanted.
  
  You can assume your smart phone is infected.

  11.7.2014 11:18 #1

• nimd4

  Originally posted by Mez: What a surprise!!! Gah, IKR. They're able to release this alpha/beta software, in part because there are SO many that make similar things (not 100% sure what I'm aiming at :))
  
  Wish there'd be a developer to put a stop to all that - like when the Dreamweaver set a standard for web-development software (you know, just something unbeatable).
  

  Z68A-G43 (G3) - i7-3770 - Vengeance 2x4GB 2133MHz - GTX 650 Gainward - WD 1TB 64MB SATA - Win7 Pro/64 SP1 / Trusty Xfce AMD64

  11.7.2014 14:47 #2

• Mez

  One of the things they were pushing for was a library of well tested routines that companies could purchase. They also need a way to detect and clean infections. The stumbling point there is most of these chips are made in China and their is evidence that may suggest the devices are designed to harbor malware and include hardware making them effective attack devices. The bigger question are these random acts by rouge engineers or are these company or government sponsored projects.
  
  I don't have a recent version of Dreamweaver C5) butit used to pretty much force you into keeping FTP login info in the app. Botnets target Dreamweaver to get that info and take over your web sites.

  15.7.2014 13:53 #3