In the first comprehensive study of the effectiveness of the Android feature, Cambridge University researchers found that they were able to recover data on a wide range of devices that had run factory reset. The function, which is built into Google`s Android mobile operating system, is considered a crucial means for wiping confidential data off of devices before they`re sold, recycled, or otherwise retired. The study found that data could be recovered even when users turned on full-disk encryption.
Based on the devices studied, the researchers estimated that 500 million devices may not fully wipe disk partitions where sensitive data is stored and 630 million phones may not wipe internal SD cards where pictures and video are often kept. The findings, published in a research paper titled Security Analysis of Android Factory Resets, are sure to be a wake-up call for individual users and large enterprises alike.
`It`s going to have a major impact in organizations that have fairly mature established disposal practices because they`re not effective,` Kenn White, a North Carolina-based computer scientist who has read the paper, told Ars. `It`s a staggering number of devices out there that are exposed, and it`s not just somebody`s Gmail password. It`s images, photos, text, chat. It`s all these things that are private that you think if you`ve reset it you`ve reset it.`
The researchers tested the factory reset of 21 Android smartphones that ran versions 2.3.x to 4.3 of the mobile OS and were sold by five manufacturers. All of the phones retained at least some fragments of old data, including contact data stored in the phone app and third-party apps such as Facebook and What`sApp, images and video from the camera, and text-based conversations from SMS and e-mail apps. In 80 percent of phones, the researchers were able to extract the master token Android uses to give access to most Google user data, such as Gmail and Google calendar.
As an experiment, the researchers recovered a master token from a reset phone and restored the credential file.
`After the reboot, the phone successfully re-synchronised contacts, emails, and so on,` they reported. `We recovered Google tokens in all devices with flawed Factory Reset, and the master token 80% of the time. Tokens for other apps such as Facebook can be recovered similarly. We stress that we have never attempted to use those tokens to access anyone`s account.`
You are not storing data
There were multiple reasons for the reset failures. In some cases, manufacturers didn`t include the software drivers necessary to fully wipe flash chips that the smartphones used for non-volatile memory storage. More generally, and as researchers demonstrated more than four years ago, the composition of flash drives make them dangerously hard to erase. Drives are usually over-provisioned to accommodate for portions that are faulty from the beginning or wear out over time. As a result, they have more internal space than indicated by the operating system. As a researcher known as Bunnie observed during a presentation at the 2013 Chaos Communication Congress, when using Flash drives, `you are not storing data, you are storing a probabilistic approximation of your data.` Deleting all of it with certainty, it seems, is exceedingly hard.
Read original article
No comments:
Post a Comment