Australian Android Phones At Risk From User Deletion ‘Bug’

Hundreds of millions of smartphone owners worldwide may be leaving sensitive data on their phones without knowing which subsequent users could exploit for financial gain or identity theft.

The problem occurs because of a bug in the ‘factory reset’ option of Android smartphones leaves sensitive data on the phone, despite the user’s attempts to delete the information.

It is considered best practice to perform a factory reset of your phone before selling it, so that the next owner cannot access your data. The bug is estimated to affect more than 500 million Android devices worldwide, including models sold in Australia.

This recently discovered bug allowed security researchers to recover data on supposedly wiped smartphones. The researchers retrieved important login information from the smartphones, allowing them to log in, sync user contacts, and read other data left on the devices by the previous owners.

The bug is believed to be present on many types and models of Android smartphones, although the list of exact models affected has not yet been established. Android versions between 2.3 (Gingerbread) and 4.3 (Jelly Bean) were found to allow access to data after the device was supposedly wiped. It is not yet known whether the latest versions of Android are affected.

The factory reset option on smartphones is designed to remove all of the data that the user has put on the phone, including photos, emails, apps and passwords to sensitive sites and restore it to the factory settings.  

What you can do to protect yourself

Enabling and using full hard drive encryption on your smartphone provides the best protection for your data. Newer Android phones should give you the option to perform hard drive encryption when you first set up your phone. If you wish to apply hard drive encryption to your phone, seek advice from your smartphone vendor as the steps vary between models.

If you have highly sensitive data, you should consider not selling or giving away your old smartphone. Instead, you may wish to seek technical advice on destroying the device, including its hard disk.

If you still plan on selling it or giving it away then still perform the factory reset.
 

We would also strongly recommend that you subscribe to the Alert Service provided by www.staysmartonline.gov.au to keep updated with the latest cyber threat information.


Surety IT can help you create the right system to enhance your business, ensuring you know how it is right for you and how to use it. We will tailor a solution to suit your needs with leading systems, local support and more, building your vision for a more flexible and capable business.

Call us today on 1300 4 787 389 or email info@suretyit.com.au to discuss your requirements.

*This article was originally published on Staysmartonline.gov.au website