Users run the risk of losing personal files when transferring the gadget to third parties
When selling or repairing a smartphone, the user exposes himself to danger: his personal information can be obtained by third parties.
A cybercriminal may have at his disposal not only photographs with passport data, but also candid pictures, as well as access to banking applications.
Often such "gifts" are made by users themselves, forgetting to log out of their accounts and not protecting sensitive files. Izvestia found out how to protect the device from theft of personal information.
Why selling a phone is dangerous
“Before selling their smartphone, most users independently clear the gallery, messages, contacts, log out of all social media accounts, delete applications and browser history, but this process is ineffective and takes a long time,” writes cybersecurity expert Sergey Vakulin in his Telegram channel.
Despite significant advances in security, the risk of file leaks from mobile devices is still real.
Data often remains on used gadgets from previous owners. How the new owner will use them is unknown.
“The purpose of an attacker can be completely different, ranging from gaining access to intimate photographs and mail correspondence for further blackmail of the victim to accessing a bank account and corporate data,” says Alexander Dvinskikh, an information security expert at CROC.tel
Jet Infosystems specialist Maria Utkina adds that social network accounts left open can be used for spam mailings.
Users rarely think about these consequences. At best, they clear the gallery and posts and log out of app accounts. However, these actions are not enough. Few people take into account that Android, unlike iOS, lets the user browse the file system.
“When using instant messengers, such as Telegram or WhatsApp, all media attachments (photos, videos, audio recordings, voice messages, GIF) that the user received and sent are placed in a separate folder on the device. Even if the user deletes media attachments from his gallery, they will remain in a separate folder on the device automatically,” explains Sergey Vakulin in the publication.
According to Viktor Chebyshev, an expert at Kaspersky Lab, the best option is not to sell old gadgets (smartphones, laptops and other media). In many cases, information from the device can be restored even after a factory reset and formatting.
- The specificity of the memory of gadgets is such that all previous files are deleted only if they are overwritten. Factory reset doesn't do that.
In addition, there is a technical possibility to restore even erased information on supported media and computers using the file carving method, - noted the source of Izvestia.
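The claim above, that files disappear only when they are overwritten and can otherwise be recovered by file carving, can be checked on a toy storage image. The following Python sketch is an added example, not part of the original article; the storage model, file names and photo bytes are constructed for illustration.

```python
JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"       # JPEG end-of-image marker
BLOCK = 512                  # allocation unit of the toy image

class ToyStorage:
    """Constructed model of a storage image: raw blocks plus a file table."""
    def __init__(self, blocks=16):
        self.raw = bytearray(blocks * BLOCK)
        self.table = {}      # name -> (offset, length)
        self.next_free = 0

    def write_file(self, name, data):
        off = self.next_free
        self.raw[off:off + len(data)] = data
        self.table[name] = (off, len(data))
        self.next_free = off + -(-len(data) // BLOCK) * BLOCK  # round up

    def delete(self, name):
        """Ordinary delete: only the table entry goes, the bytes stay."""
        return self.table.pop(name)

    def overwrite(self, extent):
        """Erase by overwriting the freed bytes themselves with zeros."""
        off, length = extent
        self.raw[off:off + length] = bytes(length)

def carve_jpegs(raw):
    """Signature carving: ignore the file table and scan the raw bytes."""
    found, pos = [], 0
    while (start := raw.find(JPEG_SOI, pos)) != -1:
        end = raw.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1:
            break
        found.append(bytes(raw[start:end + len(JPEG_EOI)]))
        pos = end + len(JPEG_EOI)
    return found

def demo():
    disk = ToyStorage()
    # Constructed stand-in for a photo: JPEG markers around dummy bytes.
    photo = JPEG_SOI + b"\xe0" + b"constructed-passport-photo " * 20 + JPEG_EOI
    disk.write_file("notes.txt", b"shopping list")
    disk.write_file("passport.jpg", photo)
    extent = disk.delete("passport.jpg")      # models an ordinary delete
    after_delete = carve_jpegs(disk.raw)      # the photo is still carvable
    disk.overwrite(extent)
    after_overwrite = carve_jpegs(disk.raw)   # nothing left to carve
    return photo, after_delete, after_overwrite

if __name__ == "__main__":
    photo, a, b = demo()
    print(len(a), "carved after delete;", len(b), "after overwrite")
```

The model overwrites in place; on real flash storage the controller may remap writes, which is one reason the experts' advice to make sure the device is encrypted matters.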
How to secure files
If a person nevertheless decided to part with the old device, it is worth making a backup copy of the data and then correctly erasing personal information. Recommendations for each specific type of Android or iOS device may differ. However, there are general rules that apply to all smartphone owners.
Alexander Dvinskikh from the IT company "CROC" recommends using special programs to destroy files:
- They can be found in the app store, for example by entering the query "wipe memory". Guaranteed memory wiping will exclude the possibility of further data recovery.
Kaspersky Lab expert Viktor Chebyshev urges users to make sure that the device being sold is encrypted. This is especially true for Android smartphones (on new Android devices, encryption is enabled by default).
- Also check that all personal files on the device are erased.
This can be done in the settings. On iOS, you need to find the Erase All Content and Settings item; for Android it all depends on the version and model of the device, - added Chebyshev.
Only after these steps is it worth doing a factory reset or formatting the device.
How to protect data before repairing a gadget
The user faces similar hassles when he hands over the equipment for repair. However, in this case the person is not parting with the device for good; the smartphone or computer only needs to be secured for the duration of the repair.
Before taking the device to the service center, Sergey Vakulin advises transferring the data to the cloud or USB flash drive. The expert draws attention to another important point:
- The browser has a function for autosave passwords. It allows you to avoid having to enter your password every time you log into a website or social network. However, this convenience can be a vulnerability.
When we hand over the equipment for repair, an unscrupulous service employee is able to crack the password. Instructions on how to do this can be found even in the public domain.
Most often, users themselves "give" cybercriminals the opportunity to dig into their devices.
When customers bring equipment to a repair service, few log out of their social media accounts. The reason for this is illiteracy in the information space or gullibility, says Vakulin.
Fortunately, this particular situation is fixable: you can log out of the profile remotely.
You need to log into your account from another device and find the option "end all sessions". In "VKontakte", for example, it is located in the settings in the "Security" tab.
The main problem is that disclosing data is not difficult and does not require special knowledge.
Often, an attacker can get hold of sensitive information simply by looking for life hacks on the Internet.
- Therefore, it is better to store all personal information on the SD card and not in the phone memory.
In case of repair, the card can be pulled out of the smartphone at any time. Also, in the "Settings" of the phone, you will need to enable the encryption function on the card, - said Alexander Dvinskikh.
Before handing over your smartphone for repair, be sure to remove the SIM card as well.
The absence of a SIM card in a device with installed banking applications that support two-factor authentication via SMS will exclude the possibility of losing funds.
As in the case of selling a phone, the expert advises using the disk encryption functions on mobile operating systems:
- In recent versions of Android, disk encryption is enabled by default. However, on older gadgets, this option must be enabled manually in the "Settings" of the phone.
In iOS devices, the smartphone's memory encryption functions also work by default.
Perhaps the most critical case is when the device "burns out" suddenly, before the data can be deleted or hidden.
Such a case is described by a user of one IT forum:
“There is a lot of personal and work information left on the hard drive. Both in the form of files and cached data in browsers. Plus logins and passwords. What to do so that information does not fall into the hands of strangers from the service center?”
Sympathetic users advise that in this case, after a quick diagnosis, the hard drive should be removed and handed over to the owner. However, there are users who sneer at the vigilance of the poster:
“Hundreds of laptops pass through the hands of repairmen, and each one contains very important top secret data. Instead of tea, they (the employees) definitely need to make an image of the disk of each laptop at lunchtime, on a dark night to disassemble it to the last byte and extract priceless pictures.”
Experts acknowledge that strict guidelines may not apply to all service centers.
However, the more unknown the company you trust with your equipment, the higher the risks.