For peace of mind, we all look to perform a factory reset on mobile phones when we part with our beloved handsets. Whether it’s to remove sensitive information and personal details before trading in, or to wipe the device to free up space before passing onto a friend or family member. However, have you ever considered just how extensive this option is for wiping data? Despite what appears to be a thorough manual deletion, it’s still possible to recover the likes of photos, apps and even Google searches. With data being so sought after by cybercriminals nowadays, it’s imperative to make sure there is no residual data on the device.
The fact that your data may fall into the wrong hands is a frightening, but very real possibility. Mobile devices have become woven into the fabric of our lives, with the vast majority of us choosing to store sensitive personal information on them, whether that’s pictures of our friends and family, private email messages, passwords to access our online banking services – the list goes on. Additionally, we’ve seen a significant increase in the number of people using the same handset to store sensitive business information, without due regard for the security ramifications if they were to lose that device.
With incentivised trade-in and buyback programs being increasingly offered both by the likes of online recycling sites and the retailers themselves, the need to thoroughly and effectively wipe the device is imperative. In fact, with hundreds of millions of devices expected to be traded by 2018 [PDF], flaws in smartphone sanitisation functions will become an increasingly severe threat with regards to privacy, unintentional data loss or theft.
Consumers may believe that a simple wipe or reset of the mobile device done at home or even in-store will permanently delete all data. However, tests now prove that conventional methods of wiping the phone of all its content have been woefully inadequate. For example, according to Laurent Simon and Ross Anderson from the University of Cambridge, it is estimated that up to 500 million devices may not properly sanitise their data partition where personal or sensitive information may be stored. The vast majority of current legacy wipe standards were designed for computer hard drives and, therefore, are not relevant or effective to the smartphone world. Rather, they should now meet stringent National Institute of Standards and Technology (NIST) Purge standards – the highest standard of wireless device data erasure –to help ensure that all personal data on the device is unrecoverable, even by forensics software.
As we change devices with increasing frequency, meeting these standards is now more pertinent than ever as consumers are now offered a continuous flow of handset upgrades and an incentive to part with their old handsets by mobile retailers, exaggerating the need for phone wiping to be thorough. In fact, mobile retailers suggest that prior to trading in or selling your phone that you perform a full factory reset. In relation to Android retailers specifically, 90 per cent recommend the default factory reset function, which simply isn’t thorough enough and leaves residual data on the device.
There are numerous and more stringent methods which should be considered when looking to sanitise a mobile device. However, even before you plan and attempt to wipe a device, data encryption is a vital part of keeping information safe. Using appropriate encryption technology will cause the data on the device to be ‘scrambled’, meaning that even if the wipe doesn’t fully delete all of the data, the residual information left on the device will be encrypted and need a special ‘key’ to unscramble it. A further safeguarding step, if the device supports it, is enabling ‘Full Disk Encryption’ (FDE) on the first use of the handset. This helps ensure the most effective and thorough wipe of the phone when seeking to sanitise it at a later date. Alternatively, loading the device with “fake data” may appeal to the average device user. Loading fake photos and contacts onto a device and then carrying out a full factory reset of the device will make it even harder for individuals to get access of the real data, as it will be buried below and among the “fake data”.
With mobile devices underpinning everything we do at home and at work – this enhanced connectivity has attracted heightened attention from criminals focused on physically stealing and infecting our mobile devices with malware. Consequently, there is now an abundance of anti-virus support and apps available for smartphones which often have built in “remote wipe” features in the event that your device is stolen. However, this method of wiping is not the same as ‘sanitising’ and should only be considered a last resort when your device has been misplaced or stolen.
In light of this, solutions are on offer that deliver a thorough and effective wipe of data. Advanced technology enables vendors and retailers to provide easier and efficient mobile device customer service, ensuring the original owner of the handset is left with peace of mind all personal and sensitive data is removed from the device. In turn, this helps mobile retailers to distinguish themselves from the rest of the pack, giving them a competitive edge.
Wiping your phone is imperative – there’s no two ways around it. There is currently a debate as to what method is the best and most extensive. However, regardless of this, there is no argument when it comes to the importance of making sure there is no residual data left on the device, no matter the situation, as the repercussions are far too harmful to be gambled with.
Adrian Schofield sheds light on tech in South Africa
Mark Chillingworth on IT leadership