iPhone 6S launch - Warning to consumers before trading-in existing devices

Ahead of today's Apple iPhone 6S launch event, Pat Clawson, CEO of the Blancco Technology Group, has issued the following warning to consumers about the sensitive data stored on their old phones.

What are some of the dangers of trading your old phone to resale sites without removing data?

Consumers need to know that if they’re trading in their older smartphones, those devices will inevitably find their way back into the marketplace. Contact lists, photos and videos, personal usernames, passwords and even bank account details – it’s all there to be found. Plus, if the original owner ever used their device for work, which so many of us do, it could include their credentials to access the corporate network.

Unfortunately, many users - as well as enterprise businesses - mistakenly assume that manually deleting data or performing a factory reset will wipe a mobile device clean and eliminate any potential security threats. But that’s just not true. A factory reset only removes pointers to the data, but it doesn’t actually erase the data forever.

Without a USB connection to a computer, which can detect all areas of the memory and initiate a full overwriting of the data, there will always be a possibility of recovery. So they need to be careful about what they’re handing over and should ask for some form of certification – that can’t be falsified after the fact – to verify that all data was erased permanently. Otherwise, they’ll be leaving their security to blind faith and that’s just not good enough. Not by a mile.

What are some of the dangers of trading your old phone in to your mobile carrier?

Unlike many other businesses, mobile carriers and device manufacturers face a difficult challenge. They can’t simply attract customers once and then walk away. They have to fulfil customers’ needs post-sales repeatedly and exceptionally well if they want to keep them as long-time customers.

And whether it’s in keeping devices running optimally for longer periods of time or making sure all data is erased permanently before users trade in their old devices for new ones, that’s just as true.

And unless your mobile carrier or device manufacturer can prove, with a certified audit trail and tamper-proof certificate, that all of your data has been permanently erased from that old iPhone, then you’re putting your data – and yourself – at serious risk.

What is the best way to wipe a phone?

Many people assume factory resets or remote factory resets will do the job of erasing data from their old iPhones. But that’s a huge oversight on their part. Factory reset only removes pointers to the data and still leaves the data itself intact. So all of that data people think has been ‘deleted’ from their old iPhone – as well as external SD cards – is still left intact – and can easily be recovered using readily available software.

And then there’s mobile device management (MDM) software. While these solutions typically offer security measures like firewall, encryption and virtual private network (VPN) support, the only data deletion this type of software can do is remote wiping. Because remote wipe only removes pointers to the data, it doesn’t erase the data forever.

Now because there’s an app for everything these days, mobile device manufacturers have created apps that can overwrite a mobile device’s data. While these apps can, in fact, erase data, they omit one very crucial component – a tamper-proof report displaying electronic serial numbers and other details that prove, without a shadow of doubt, that all data has been expunged forever without the possibility of resurfacing. They also are only capable of integrating with the operating system used by the manufacturer’s devices so they have to be erased manually.

Whether you’re trading in your old iPhone, Samsung Galaxy, LG or any other mobile device, it’s important to erase your mobile data forever. For iPhones, use iTunes to “Restore” the device. This will delete the encryption key associated with the device, rendering any remaining data (if any) unrecoverable.

If it’s an Android device, do not apply the factory reset. This won’t permanently erase the data, as we’ve seen from the Cambridge study where researchers uncovered massive amounts of data on Android devices after the factory reset was performed.

Instead, use the device settings to encrypt the data and then perform a factory erase function. Any residual data will remain encrypted and unusable.