With the internet buzzing about an iPhone 5, many people are already looking at how much they could get for selling their used iPhone 4S or smartphone. But, are you putting your identity and credit at risk or does doing a factory reset on your phone really clean it? Forensic computer analyst Steve Burgess gave his advice on which phones actually remove all personal information and which don’t.
Burgess took an iPhone, Blackberry, and an Android that had been previous used by consumers and had been restored to factory settings. He also tested a Samsung featured phone. Samsung did not feature a “restore to factory settings” option so, everything on the phone was manually deleted. Burgess then used several programs to try and find personal information on the phones. Here were the results.
For iPhone and Blackberry users, you can breathe a sigh of relief. Burgess was unable to recover any data.
“With an iPhone, when you do a factory reset, it removes all of the encryption keys, which is the same as wiping it, unless you have something like a supercomputer,” said Burgess. He also stated that he tried a number of programs to get around the encryption, but was unable to extract anything.
For Android users, the news isn’t as good. Burgess was able to access data. He stated that, “hitting the factory reset on phones running the Android operating system doesn’t technically remove or write over data stored on the phone. It just masks the location of that data. Burgess explained that with forensic software or some basic hacking skills, that data could be accessed.”
Another security risk for Droid users is the SD card. While the cards can be erased, there is a lot of software available to pull up ‘erased’ data. Burgess recommends pulling the SD cards from any phones you sell.
Feature phones are a little more complex. They require a computer connection to gain access to the deleted data. To do this, hackers would need a proprietary cable. While finding one may be difficult, if someone wanted to take the time and look on eBay and they could secure the correct cable. If a thief takes the time to do it and connects to a computer and using forsenic software, getting data is possible. However, feature phones just hold contacts and texts. They don’t usually hold mobile banking information, etc.
Burgess summed up his results by saying, “If you do a factory reset on your phone and take out the SIM card and take out the SD card, that you’re probably fine. The guy on the other end is probably not going to find much of anything. He’s probably not going to be a forensics guy. And even if he is a forensics guy, it can be pretty tough to get stuff off of phones because there are such a variety of them.”