The Risks of Residual Data on Used Hardware
A new security study from Blancco Technology Group and Kroll Ontrack examined residual data on recycled hard drives and mobile devices. The study examined 122 pieces of second-hand hardware purchased online, including items from eBay and the Amazon marketplace. The researchers found that almost half of the hard disk and solid state drives contained residual data. Furthermore, 35 percent of the cell phones examined in the study contained leftover emails, call logs and instant messages.
The researchers in this study were thorough enough to check and see if any deletion attempts had been made to the devices. They found that deletion attempts were made on 75 percent of the drives which contained residual data and 57 percent of mobile devices. The majority of the deletion attempts utilized standard default methodology for deleting information from the devices in question, revealing the ineffective nature of default data deletion options built-in to standard operating systems. Paul Henry, a Security Consultant for Blancco Technology Group, remarked that “failing to wipe information properly can have serious consequences. One of the more glaring discoveries from our study is that most people attempt in some way or another to delete their data from electronic equipment. But while those deletion methods are common and seem reliable, they aren't always effective at removing data permanently and they don't comply with regulatory standards”
There are a number of effective file deletion tools available online including the Lavasoft File Shredder. A typical file shredder utility offers the option to overwrite your files with junk information (random 1s and 0s) several times – each time it overwrites the files is called a “pass.” Ensure that the program you use makes a sufficient number of passes when overwriting your information – to give you an idea, three passes is the standard amount of times a hard drive would be overwritten for military purposes.
The study offers additional tips for securely erasing your data from mobile devices: “For an Android device, use the device settings to encrypt the data and then perform a factory erase function. Any residual data will remain encrypted and unusable. Remove micro SD card (if applicable), or do not include it with the sale of your device. For an iOS device, use the iTunes restore function, making sure to restore back to the factory setting or use “Erase All Content and Settings” from the iPhone menu.”