Used smartphones and PDAs for sale on eBay are loaded with sensitive personal and corporate information ranging from banking records to text messages and corporate emails that can be easily retrieved by hackers and data thieves, according to a sampling by mobile security software provider Trust Digital.
Trust Digital engineers recovered nearly 27,000 pages of personal, corporate, and device data from nine of 10 mobile devices purchased through eBay for the project, including a smartphone sold by an employee of a major corporation. The salvaged data included personal banking and tax information, corporate sales activity notes, corporate client records, product roadmaps, contact address books, phone and Web logs, calendar records, personal and business correspondence, computer passwords, user medication information, and other private, competitive or potentially damaging material.
The information was retained in the flash memory of the devices because of users' failure to perform the advanced hard reset required to delete the data. The nine devices with retrievable data included those belonging to a former employee of a publicly traded security software company, an employee of a web services firm, and a corporate counsel of a multi-billion dollar technology company serving the legal market. The tenth device in the test was never used.
The analysis highlighted the vulnerability of individuals and organizations that fail to secure the data on their smartphones and PDAs. Loss or theft of the devices could lead to embarrassment, major breaches of corporate security, or even blackmail.
"Personal and corporate data is being sold on the open market through eBay, and it's also available to anyone who finds, steals or purchases a used smartphone or PDA from any other source. With nearly 2 billion smartphones currently on the market, the potential for having this information fall into the wrong hands is staggering," said Nick Magliato, CEO of Trust Digital.
"The general public needs to immediately be made aware of this fact. Whether you're talking about pilfering an individual's private files or stealing corporate secrets, this adds up to a very real data theft epidemic," Magliato noted.
Consumers can protect themselves by enabling the password function on their devices, asking their cellular carriers for information about data security, and "hard wiping" their devices before selling them. Owners of Palm Treo 650s and RIM devices should consult the respective vendors to access the built-in hard wipe function. For other devices, commercial hard wipe products are available.
Businesses can protect themselves by adopting mobile security technology software solutions that secures all forms of data resident on mobile devices at all times.