'One in five' mobiles on eBay contain 'highly sensitive' information

‘One in five’ second-hand mobile phones bought from eBay still contain ‘highly sensitive’ information including National Insurance numbers, private pictures and social media accounts

  • Researchers bought 100 secondhand phones to see how many had been wiped
  • They found that 53 of the phones had been properly reset to factory settings
  • Devices included modern smartphones as well as much older ‘dumb’ phones
  • The research team say a future study would only focus on modern smartphones 

‘One in five’ mobiles bought from eBay contain ‘highly sensitive’ information about the previous owner, including National Insurance numbers and ‘private photos’.

Researchers at the University of Hertfordshire bought 100 phones listed on eBay and found 19 per cent contained personally identifiable information.

They included a wide range of devices, from the latest smartphones to a Motorola ‘dumb phone’ from 1996, to get a varied view of the phones available on the site.

On one device researchers found a form that included the previous owner’s National Insurance number, date of birth and their employer’s name.

The data found on the phones could be used to steal someone’s identity, commit fraud and even extortion, according to Comparitech, who commissioned the study.

The Hertfordshire team used commercially available ‘analysis’ software to make a ‘clone’ of the phones’ operating systems and any data.

They then studied the cloned image to see what private information it contained.

Researchers found that of the 100 phones, 53 had been properly restored to factory settings, 11 were dead and 17 could not be recognised by their analysis software. 

‘Nineteen per cent of the phones contained data from previous owners, and 17 per cent had data that could be used to identify those owners,’ said Paul Bischoff, privacy advocate for Comparitech.

The study authors say that in future research they would only include modern smartphones as their results were likely skewed by older phones no longer functioning or that were incompatible with their analysis software.

WHAT WAS FOUND ON THE PHONES? 

  • A P11D Expenses and Benefits form with PAYE reference, payroll number, National Insurance Number, and date of birth. 
  • 114 text messages including sexts and seven multimedia messages. 
  • Phone number, email address, and bank account details. 
  • 532 personal pictures and 16 videos.  
  • Several social media accounts that were still logged into including Facebook, Instagram, and Skype. 
  • Apple ID and password, eBay username and password, 408 pictures, and web browsing history.  
  • An email account that was logged into and still active. 
  • Evidence that the phone belonged to a child from Ringwood, Hampshire, with contacts and notes.

Source: Comparitech.com 

‘Those [older devices] that were imaged and analysed mainly contained some text messages, multimedia messages and contact lists’, said University of Hertfordshire researcher Olga Angelopoulou.

‘On the other hand, the more recent devices that had not been reset to the factory settings mostly contained some ex-user PII or fully retrievable ex-user PII. 

‘When we managed to fully retrieve an identity it was from a smartphone.’

Of the devices they were able to successfully create a ‘clone image’ of, 74 per cent had been reset to factory settings. 

Researchers say this is ‘evidence of an attempt by the user to erase personal data’. 

All of the phones were purchased on eBay between January and June, 2018.

One of the mobile phones purchased online included evidence it belonged to a child from Ringwood, Hampshire with contact numbers and notes still intact.

“Modern smartphones and tablets offer several advantages related to communication and accessibility to their users,” the researchers explained. 

“The low level of effort it takes a non-technology or computer literate user to reset their device to the factory settings is indicative of the results from the study.”

However, the fact that 17 per cent of the phones contained information that could be used to identify the previous owner suggests the sellers ‘made no effort to erase the data, or did so inadequately.’ 

Users are more likely to wipe data stored on a mobile phone than a USB drive or a memory stick, according to the University of Hertfordshire team. 

A similar study examining secondhand memory devices found over half still contained data from previous owners. 

‘This shows mobile phones were wiped far more often,’ according to Mr Bischoff.

‘Still, a significant number of people failed to erase personal data on their phones before reselling them. 

‘This could be due to a lack of understanding of how to properly delete data, a lack of concern in an era of data sharing and social media, or failure to understand the risks of exposing personal data.’

eBay told the Mail Online: ‘We strongly advise all sellers to ensure their phone is ready for sale by restoring factory settings and removing all personal data from internal and external memory storage.’

HOW DOES EBAY WORK?

EBay is an online auction site allowing users to buy and sell items. 

Almost any item can be sold on eBay, whether it is new or used. 

Sellers set the terms of the auction, including the shipment options, payment methods and return policy. 

EBay visitors have the option to search for items without logging in or creating an account. 

To sell or bid on items, you need a registered account with eBay. 

Registration is free and requires your name and email address, along with a password. 

Once registered, you have the option of connecting a PayPal account for fast payments. Some sellers only accept payment through PayPal. 

 
