People are unsuspectingly selling their personal information to complete strangers as a new report from CPP finds half (54 per cent) of second hand mobile phones contain extensive personal data.??
Second hand mobile phones and SIM cards purchased on eBay and used electronics shops by company CPP were examined in a live experiment to see what personal information was available on the handsets and whether it constituted a threat to their former owners’ identities.??The experiment showed 247 pieces of personal data, that had been carelessly left on a range of mobile phones and SIM cards. The personal data included credit and debit card PIN numbers, bank account details, passwords, phone numbers, company information and log in details to social networking sites like Facebook and LinkedIn. ??In research that supported the experiment, half of second hand mobile owners said they have found personal information from a previous owner on mobile phones and SIM cards they have purchased second hand.??Most (81 per cent) of people claim to have wiped their mobiles before selling them, with six in ten confident they have removed all of their personal information from them. However, the experiment suggested that 54 per cent of mobile phones and SIM cards contained sensitive personal information putting people at unnecessary risk of identity and card fraud.??
The variance could be explained by the fact that most people who claimed to have ’wiped’ their handsets tried to erase the data manually – a process that security experts acknowledge leaves the data intact and retrievable.??And it seems personal information comes cheap with individuals selling their old handsets and SIMs for an average price of £47.??As people rely heavily on their mobile phones to store personal data such as e-mail addresses, social networking log in details, banks account details and even debit and credit card PIN numbers, CPP is calling on people to make sure they remove all of their personal and financial information from their mobile phones and undertake adequate security measures to protect themselves from identity theft.??From CPP, Danny Harrison said: “This report is a shocking wake up call and shows how mobile phones can inadvertently cause people to be careless with their personal data. With the rapid technology advancements in the smartphone market and new models released by manufactures multiple times a year, consumers are upgrading their mobiles more than ever and it is imperative people take personal responsibility to properly manage their own data.??
“If they do sell or recycle them online or even give them to friends and family, they need to ensure they remove all their personal information thoroughly and consider the serious consequences of not doing so.”??
Senior Vice President of CRYPTOCard Jason Hart, who was commissioned by CPP to carry out the experiment said: “The safest way to remove all of your data from a mobile phone or SIM card is to totally destroy the SIM and double check to ensure that all content has been removed from your phone before disposal. With new technology does come new risks and our experiment found that newer smartphones have more capabilities to store information and that information is much easier to recover than on traditional mobiles due to the increase of applications.”??
CPP’s tips on wiping your mobile phone of personal information:?
1. Restore all factory settings – this is the first step that you should take as it is the easiest precaution before disposing of the unit, but factory resets are far from permanent so follow steps 2 – 4 to protect your data?2. Remove your SIM card and destroy it ?3. Delete back-ups – even if your smartphone, PDA or laptop data is securely removed from the mobile device, it can continue to exist on a back up somewhere else?4. Log out and delete– make sure you have logged out of all social networking sites, emails, wireless connections, company networks and applications. Once you are logged out make sure you delete the password and connection?5. Various passwords – avoid using the same ID/password on multiple systems and storing them on your mobile phone, if you are going to store them on your phone use a picture that reminds you of the password?6. If you are selling on your phone ensure you ask for it to be wiped to be on the safe side?7. Don’t store vast amounts of personal information on your mobile phone / SIM?8. Make sure you check your bank statements regularly to monitor for suspicious transactions?9. Remember the Golden Rule: Identity thieves are experts at spotting an opportunity to steal your identity and only need a few personal details?10. If you want more information on how to protect yourself or see how these experiments worked??
Research methodology??
ICM interviewed a random sample of 2011 adults aged 18-plus online between February 16 and 18, 2011. Surveys were conducted across the country and the results have been weighted to the profile of all adults. ICM is a member of the British Polling Council and abides by its rules. Further information at http://www.icmresearch.co.uk ??
A live experiment was also carried out in February 2011. Ethical hacker Jason Hart was commissioned by CPP to conduct a number of reviews relating to the data contents of re-sold mobile devices used and SIM cards within the United Kingdom with the objective of the review being:
Understand if sensitive information has been left on resold mobile devices
Understand what type of information is stored
To see if information can be recovered from resold mobile devices even if the mobile device has been deleted by using software freely available on the internet
Understand what information can be found on used SIM cards
To see if it would be possible to use any information found to on a mobile device and or SIM to conduct any form of identity theft against the original owner of the device and or SIM.
?35 second hand mobile phones and 50 SIM cards were analysed using the following techniques:
A mobile phone SIM Reader (a standard SIM reader that can be purchased from most electric stores)
SIM recovery software
Forensic examination software – mobile forensic software that analysis mobile phones, smartphones and PDAs for data.
