Deleting the Invisible Footprint
Recently, there has been a great awakening in the media about user’s sensitive data being left on everyday devices such as smart phones, tablets and notebooks.
If your Smartphone, Tablet or hard drive has long passed its prime and you plan on selling it or passing it on, you need to make sure you permanently erase your data from it.
A recent study found that a 60% of all second hand devices are sold without scrubbing the data on it. While this might seem like a minor mishap at first, it actually poses a serious security risk for the seller if the device falls into the wrong hands. There are many recovery tools out in the market place than can easily retrieve sensitive files containing social security numbers, passwords or bank account information within minutes.
With our recent interview with data recovery experts in Sydney, we were advised that when a data recovery process was performed on customers hard drive, USB stick and SSD, customers were shocked with the results and surprised to see that some or all of the recovered content included files, pictures etc. which had been removed and erased some years ago.
As you’re probably aware with standard hard drives, data isn’t really erased when you delete something; however the internal flash memory in your smartphone isn’t quite the same. Because it’s not a magnetic storage medium, the methods used to recover data on an old hard drive won’t be the same as tools to pull from your phone.
To prevent this from happening, it’s also a good idea to consult specialised removal programs that can securely wipe possibly compromising information from your hard drive, laptop, smartphone, tablet, USB stick or SSD.
That being said, for most of the average user’s needs, any current smart phone already has the tools built in to securely erase your phone’s data.
For iOS users, your job is pretty simple. The iPhone has built-in options that securely erase your phone. On old phones, it goes through a long secure erase process, but on the iPhone 3GS and iOS 3.0, Apple moved to hardware encryption on its phones. From that point on, all data you store on the internal storage (which, aside from anything on the SIM card, is everything) is automatically encrypted. Your phone uses a device-specific key that’s never stored anywhere but your handset.
When supported iOS devices wipe your phone, what’s really happening is that the hardware specific encryption key is securely wiped. Everything else on your phone is left an unintelligible mess, even if someone were to use a fancy forensics lab to physically examine the memory chips which 99% of you will probably never have to deal with.
Android phones are set up a little differently from iPhones, and they vary somewhat from manufacturer to manufacturer. However, in general the default options are mostly secure. With Android, you have two options for wiping your phone:
(a) Factory reset (located in different places depending on your phone, but should be under something like “Backup & reset”) which will wipe everything you’ve ever stored in any user-accessible area of storage. For most people, this will be enough to ensure that no one will be able to access data you’ve ever stored.
(b) Enable encryption, Android encryption is not done on a hardware level, and if you want to have your phone encrypted, you’ll need to enable it manually in Settings. This process will take a while and, from then on, you’ll need to enter a PIN when you first boot your phone (not to be confused with your lock screen PIN). It can also cause some slight performance decreases, so keep that in mind. This process also can’t be reversed without wiping your phone, so consider carefully before you commit.
Alternatively, there’s the ultimate security tool if you’re worried about someone pulling data from your phone: don’t sell it.
by Bekir Kilic