Cell Phone Secrets Die Hard
duplo1 writes "According to an article on CNN, "Selling your old phone once you upgrade to a fancier model can be like handing over your diaries. All sorts of sensitive information pile[s] up inside our cell phones, and deleting it may be more difficult than you think." It seems that corporate security policies need to extend their disposal standards to mobile devices; but what is there to educate consumers regarding such a potential breach of privacy?"
Common Sense? (Score:2, Informative)
Common sense? When a big organisation gets rid of its old computers it (usually) destroys the hard disks totally. Why should it be any different with mobile phones?
In a previous organisation that I worked for, the IT department (who happened to be in charge of all things cellular) made sure that every outgoing phone went through its hands before going back to the cell operator for an upgrade or onselling etc.
The only education needed is in the specific technology department that handles these things and they just need to basically make sure that things are taken care of before the phone leaves the company - it usually isn't that hard.
Some carriers handle this properly (Score:5, Informative)
Re:Conflicting reports (Score:2, Informative)
"Mansell pointed out that time-consuming manual examination can still retrieve phone data."
All they're saying is that non-standard formats make it harder to lift information - it's still there. Just like it's harder to recover lost data on ReiserFS than it is on ext2. It's still there, but the filesystem makes it a little more confusing.
Anyway, this should become less of a problem as manufacturers settle on a few standard formats to cut costs.
NIST review of available tools: (Score:2, Informative)
"This report gives an overview of current forensic software, designed for acquisition, examination, and reporting of data discovered on cellular handheld devices, and an understanding of their capabilities and limitations."
http://csrc.nist.gov/publications/nistir/nistir-7
Re:factory reset? (Score:5, Informative)
But that's just the typical reset. Factory Reset isn't a feature that is normally exposed without additional external attachments (a cable, a PC, and special software).
Greed, not paranoia (Score:3, Informative)
Of course, I haven't actually seen the schematics for any (much less all) of the DoCoMo phones so I could theoretically be being fooled, but given the nearly paranoid attitude among Japanese these days over personal information, I doubt DoCoMo would take that risk.
I think greed has more to do with it than anything else; by destroying the phone instead of reselling/recycling/donating it, they protect the market for new phones. If people sold their phones instead of tossing them or letting them be destroyed, then people whose phones died and just simply needed a -working- phone, would be able to get one used instead of having to buy a new one.
Right now, SIM/provider locks are used to help artificially inflate the 'cost' of phones, and get extra money for providers on the contract side, too. I have an old "legacy" AT&T account that costs me $25/month. My phone is on the fritz, and when I asked about getting a new one from "Cingular", Cingular told me that I'd have to get a different plan. Surprise surprise- the "same" plan from Cingular is well over $30, which means that they're getting an extra $120 a year from me.
In the case of the article- they're talking about Smartphones with flash-memory devices, where you need to zero out the memory device to assure no data can be recovered, just like you have to zero a hard drive. "Normal" phones don't have any of these issues- and the article neglects to mention this clearly.
So, just pop the memory card out, pop it into a reader, and run a full format of the card, or just copy a file nearly the same size as the card to it. Done. Nothing to see here, move along, "security research" company scaring people needlessly.
PS: Your phone contains MANY toxic chemicals that DO NOT belong in a landfill. They MUST be properly recycled or donated. If you're too lazy to have it properly recycled or sell it on eBay, please donate it and its charger to a local domestic abuse shelter, as any cell phone by law must be able to dial 911.
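The difference between clearing an index and overwriting every byte, which the comments above turn on, shown as an added example that is not part of the original thread. It works on a constructed 64 KiB image file standing in for a memory card; the 512-byte index, the contact record and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The image file stands in for the memory card; the 512-byte
# "index" at offset 0 is a toy layout (an assumption), not a real filesystem.

# Build a 64 KiB constructed card image: an index entry plus one data record.
make_image() {
    head -c 65536 /dev/zero > "$1"
    printf 'INDEX contacts.db' | dd of="$1" bs=1 seek=0 conv=notrunc 2>/dev/null
    printf 'CONTACT Alice Example 555-0100' |
        dd of="$1" bs=1 seek=8192 conv=notrunc 2>/dev/null
}

# Quick-format analogue: clear only the first 512 bytes (the index).
quick_clear() {
    dd if=/dev/zero of="$1" bs=512 count=1 conv=notrunc 2>/dev/null
}

# Full overwrite: replace every byte with zero, keeping the size unchanged.
full_overwrite() {
    size=$(wc -c < "$1" | tr -d ' ') || return 1
    head -c "$size" /dev/zero | dd of="$1" bs=65536 conv=notrunc 2>/dev/null
    sync
}

# Matching lines in the raw image for string $2 (the image has no newlines,
# so the result is 1 if the string survives anywhere and 0 if it does not).
count_hits() {
    LC_ALL=C grep -a -c -F -- "$2" "$1" || true
}

# Number of non-zero bytes left in the image (0 means fully zeroed).
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Prints "<hits after quick clear> <hits after overwrite> <non-zero bytes>".
demo() {
    img=$(mktemp) || return 1
    make_image "$img"
    quick_clear "$img"
    after_quick=$(count_hits "$img" 'Alice Example')
    full_overwrite "$img"
    after_full=$(count_hits "$img" 'Alice Example')
    left=$(nonzero_bytes "$img")
    rm -f "$img"
    echo "$after_quick $after_full $left"
}

demo
```

On a real card the same overwrite targets the card's block device instead of an image file. Flash wear levelling can keep remapped blocks outside what a host-side overwrite reaches, so the zero-byte check covers only what the card exposes.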
Re:I can tell you've never had a cell phone. (Score:4, Informative)
Re:factory reset? (Score:3, Informative)
Re:factory reset? (Score:2, Informative)
Re:once erased, it can also come back.. (Score:1, Informative)
Re:Resetting Palm? (Score:2, Informative)
Blueberry Blues (Score:2, Informative)
Re:factory reset? (Score:5, Informative)
Not true. If a phone has been unlocked [thetravelinsider.info] for $10 or so, it can be used on any compatible network. Meaning I could eBay a Cingular phone and use it with T-Mobile-To-Go and pay by the month.
Furthermore, for $75 I could eBay a used Motorola V330 that had been used with a T-Mobile 2-year contract. Then I could use it with T-Mobile-To-Go. I'd get a good phone for a great price that is more capable than the Samsung SGH-209. T-Mobile sells that one new for $99.
I happened to be researching them last week before buying.
(Nokia) IntelliSync Device Manager (Score:3, Informative)
The industry is already aware of the problem and has solved it.... the answer is:
Nokia/IntelliSync Device Manager OMA [nokiaforbusiness.com]
You buy a per device license and you can then use the licenses in any ratio between the Professional Edition (which specializes in PDA management) and the OMA edition which specializes in phones. With the OMA edition - for which I developed the training class - you can establish a secure trusted connection to the handset. A 4-digit hex fingerprint is required to avoid MITM. From that point on - any action can be carried out by the central administrator without further user intervention, including application installation, settings, inventory, and a complete device wipe. Available applications include Blackberry and 4-5 other email solutions, Norton AV, and Pointsec flash disk encryption.
The problem is not the technology; the technology is HERE. The problems are: