APD News
Close

APD NewsAPP, New stage!

Click to download

Donated devices are doxing your data, says new research

Science

2019-03-19 11:00

In the space of six months, one security Researcher found thousands of files from dozens of computers, phones and flash drives — most of which contained personal information.

All the Researcher did was scour the second-hand stores for donated and refurbished tech.

New Research published by security firm Rapid7 revealed how problematic discarded technology can be. For his Research, Josh Frantz bought 85 devices for $650, and found over 366,300 files, including images and documents.

After an analysis of each device, Frantz found email addresses, dates of birth, Social Security and credit card numbers, driver’s license data and passport numbers.

Only two devices were properly wiped, he said.

Shy of going into a forensic-level search, the Researcher suggested he could have rinsed even more data from his cache of refurbished devices.

Although the responsibility arguably rests with the person who donates their device, Frantz said his Research revealed many businesses also don’t wipe data from the devices people turn over — despite promises and guarantees to the contrary.

Discovering data from discarded drives seems only to be getting worse.

A similar experiment done in 2012 found half of the devices obtained still contained personal information. A recent study by the University of Hertfordshire reported two-thirds of the 200 USB drives bought from eBay had private and sensitive files — including wage slips, job applications, and even nude photos in some cases.

Worse, discarded devices can open people up to hacking. Researchers recently revealed that throwing away cheap Internet of Things devices can be recovered to obtain wireless network passwords, allowing an attacker to gain a foothold into a network.

It’s the latest reminder to dispose of devices properly after they’re no longer used. Data can reside on discarded computers and drives for years — often withstanding the elements. Even erasing a device to factory reset isn’t always enough to prevent data recovery.

Frantz listed among the favorite: a hammer, industrial shredding — or, for the extreme cases, thermite.

It’s not to say you shouldn’t donate. Just, maybe keep your hands the hard drive.

3D-printed heads let hackers – and cops – unlock your phone