Cell phones, tablets, hard drives and even memory cards often contain data of our life of extreme relevance, and at the same time often become a currency. The cybersecurity firm Rapid7 carried out an experiment whose result left exposed the imprudence of the average user, since it determined that anyone who buys that device can access the data it stores, many of them private.
Cybersecurity consultant Josh Frantz revealed the amount of private and sensitive data that discarded electronic devices store. To test his theory, he acquired 85 electronic devices in 31 second-hand stores in Wisconsin (United States) to analyze them later, as detailed in the Rapid7 blog.
A revealing experiment
With a budget of 600 dollars, the researcher bought 41 PCs, 27 memory cards, 11 hard drives and 6 cell phones. Once acquired, the consultant set out to extract the information that was found in them.
Frantz took to analyze all the devices and to store all his information in a USB; Of the 85 terminals analyzed, only one Dell computer and a 20GB Hitachi disk had been successfully deleted, and only three computers were encrypted.
Among the information obtained there were 214,019 images, 3,406 documents and 148,903 emails, from which it was possible to extract 611 email addresses, 50 dates of birth, 55 Social Security affiliation numbers, 19 credit card numbers, 6 license numbers of driving and 2 passport numbers.
Most of the credit card numbers, as well as both of the passports, were obtained from scanned images, as the cybersecurity consultant pointed out.
At the end of this experiment, which took six months of work, the investigation revealed that users do not spend time deleting the data and that many companies do not comply with their guarantee to erase data from the devices that people give them.
Therefore, Frantz warns that when you give away or sell any electronic device that will not be used anymore, it is necessary to make sure that all the information has been effectively deleted and can not be recovered.
It also explains that completely destroying the equipment, through incineration, acid or even thermite – an aluminum composition and a metal oxide that produces a pyrotechnic reaction – guarantees the elimination of the data. But without having to resort to such extreme measures, he says that “normally it’s enough” with “erase your device”.
For this process, in the case of computers, it is recommended to use DBAN to erase any type of hard drive. On the other hand, for solid state disks or multiple raid disks, it is advisable to use PartedMagic.
But if it’s about cell phones, those with the Android operating system have the “Restore factory settings” function from the Settings section. Just follow the instructions of the team and wait for it to turn on again. When it is restored, the option to reconfigure it will be displayed; that means that it was correctly formatted.
For iPhone, for example, you must first log out of iCloud, the iTunes Store and the App Store. If the device uses the iOS 10.3 or later operating system, you must enter Settings> [your name] and touch Sign out. Then you will enter the password for your Apple ID and Deactivate. Finally, you have to go into Settings and touch General> Reset> Delete content and settings.