SCF Advanced Search



Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43467
  • Total Topics: 16558
  • Online today: 2834
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 2
Guests: 1964
Total: 1966









Author Topic: Warning: Android's Factory Reset tool doesn't wipes your data 100% !?  (Read 14034 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


It’s common sense to reset an Android phone to its factory state before selling or disposing of it. But beware, researchers recently found that this often fails to properly wipe all sensitive user data from the device.

A test on 21 second-hand smartphones running Android versions between 2.3.x (Gingerbread) and 4.3 (Jelly Bean) revealed that it’s possible to recover emails, text messages, Google access tokens and other sensitive data after the factory reset function had been used.

The study was done by researchers Laurent Simon and Ross Anderson from the University of Cambridge in the U.K. on used devices bought from eBay between January and May 2014.: https://www.cl.cam.ac.uk/~rja14/Papers/fr_most15.pdf
The devices included models from Samsung Electronics, HTC, LG Electronics, Motorola and three from Google’s Nexus line of phones.

In 80 percent of cases the researchers managed to recover the Google master token that could allow an attacker to re-synchronize the device with the previous owner’s Google account, gaining access to the emails, contacts, Wi-Fi passwords and other data backed up to that account.

In some cases they also recovered access tokens from apps such as Facebook, portions of emails, SMS messages and other instant messaging conversations.

“The reasons for failure are complex; new phones are generally better than old ones, and Google’s own brand phones are better than the OEM offerings,” Ross Anderson said in a blog post. “However the vendors need to do a fair bit of work, and users need to take a fair amount of care”: https://www.lightbluetouchpaper.org/2015/05/21/user-not-present-attacks/

Encrypting the phone can help mitigate some of the risk, but not completely. The researchers found that in some cases an attacker could recover enough information after a factory reset operation to break the encryption key using brute-force techniques. In order to prevent this, it’s essential for phone owners to set a strong password when encrypting their phones, as 4-digit PINs are easy to crack.

Based on their findings, the researchers estimate that up to 500 million devices may not properly erase the data partition where the OS and apps store credentials and up to 630 million may not sanitize the SD card where multimedia files such as photos and videos are typically saved.

In a separate study, the researchers analyzed anti-theft features like remote device locking and wiping offered by top mobile security apps: https://www.cl.cam.ac.uk/~rja14/Papers/mav_most15.pdf
Their conclusion was that these apps do not represent an alternative to the flawed built-in factory reset, because they are limited by the OS architecture and APIs in what they can do.

The only viable solution would be improvements to the data wiping mechanism made by the phone vendors themselves, the researchers said.

It’s not clear if the factory reset function has been improved in Android versions newer than 4.3.

Google did not immediately respond to a request for comment.

(PCW)

Samker's Computer Forum - SCforum.info


jheysen

  • SCF Global Moderator
  • *****
  • Posts: 879
  • KARMA: 121
  • Gender: Male
I'm not surprised, as factory reset just deletes the files not in the persist catalog over /data

Fintech

  • SCF VIP Member
  • *****
  • Posts: 367
  • KARMA: 49
  • Gender: Male
I don't care that because I have Nokia's Lumia cellphone.  ;D    I have had always Nokia's mobilephone.
Actually nowadays it is Microsoft phone such as each it knows. .  :bih:

I don't still necessary likes about M$.

justchengke

  • SCF Member
  • **
  • Posts: 11
  • KARMA: -3
  • Gender: Female
Actually, Android's Factory Reset tool doesn't wipes android data 100%. And with pro android data recovery program, deleted data can be recovered. So in case of personal data leak, we'd better wipe android data by using android data eraser program, which can help you permanently delete your phone data.

Fintech

  • SCF VIP Member
  • *****
  • Posts: 367
  • KARMA: 49
  • Gender: Male
Who wants to load Androit program's elsewhere as from official sources, such as Samsung store or from Google Play?  :o

Samker's Computer Forum - SCforum.info


Daretop

  • Guest
Re: Warning: Android's Factory Reset tool doesn't wipes your data 100% !?
« Reply #5 on: 08. September 2021., 19:52:27 »
Thanks to the author for writing the post, it was quite necessary for me and liked it. I wrote a note on the oxessays review about this. I will be happy if you read it and accept it. Thank you for your concern.

Samker's Computer Forum - SCforum.info

Re: Warning: Android's Factory Reset tool doesn't wipes your data 100% !?
« Reply #5 on: 08. September 2021., 19:52:27 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023