Android devices are popular targets for cybercriminals using malicious malware in order to access users’ sensitive information. Now, researchers have unveiled another red flag for Android users and the security of their data.
Researchers from security firm Pen Test Partners tested multiple second-hand devices purchased from auction sites, such as eBay, after running a factory reset.
However, in almost every instance, researchers discovered that it was possible to recover the ‘deleted’ information, often times finding that the reset simply removed the data’s archive entry while the data was still hidden on the device.
In particular, the flaw was present on Tesco’s Hudl tablet, which gave access to data saved on the device’s onboard memory. Ken Munro, Pen Test Partners researcher said the security flaw came from the devices firmware and allowed him to easily read data from the reset tablets using a freely available software tool.
Munro was able to extract Pin codes to unlock the devices, as well as Wi-Fi passwords, cookies and other browsing data that could potentially allow anyone to sign in to a website as the device’s original owner.
In response, a Tesco spokesperson said, “Customers should always ensure all personal information is removed prior to giving away or selling any mobile device. To guarantee this, customers should use a data wipe program.”
Google, Android’s operating system developer, also added that anyone selling a used gadget should follow these steps to protect their information:
“If you sell or dispose of your device, we recommend you enable encryption on your device and apply a factory reset beforehand,” said the spokesperson.
Read More Here…