Thursday, August 31, 2006
It's not easy to totally erase sensitive information.
WASHINGTON (AP) -- Don't tell your cell phone any secrets. It might not keep them.
Secondhand phones bought over the Internet surrendered credit card numbers, banking passwords, business secrets and even evidence of adultery.
One married man's girlfriend sent a text message to his cell phone: His wife was getting suspicious. Perhaps they should cool it for a few days.
"So," she wrote, "I'll talk to u next week."
"You want a break from me? Then fine," he wrote back.
Later, the married man bought a new phone. He sold his old one on eBay Inc. for $290.
The guys who bought it now know his secret.
The married man had followed the directions in his phone's manual to erase all his information, including lurid exchanges with his lover. But it wasn't enough.
Selling your old phone once you upgrade to a fancier model can be like handing over your diaries. All sorts of sensitive information pile up inside our cell phones, and deleting it may be more difficult than you think.
A popular practice among sellers, resetting the phone, often means sensitive information appears to have been erased. But it can be resurrected using specialized yet inexpensive software found on the Internet.
Recovered information
A company, Trust Digital of McLean, Va., bought 10 phones on eBay this summer to test phone-security tools it sells for businesses. The phones all were fairly sophisticated models capable of working with corporate e-mail systems.
Curious software experts at Trust Digital resurrected information on nearly all the used phones, including the racy exchanges between guarded lovers.
The other phones contained:
* One company's plans to win a multimillion-dollar federal transportation contract.
* E-mails about another firm's $50,000 payment for a software license.
* Bank accounts and passwords.
* Details of prescriptions and receipts for one worker's utility payments.
The recovered information was equal to 27,000 pages -- a stack of printouts 8 feet high.
"We found just a mountain of personal and corporate data," said Nick Magliato, Trust Digital's chief executive.
Many of the phones were owned personally by the sellers but crammed with sensitive corporate information, underscoring the blurring of work and home.
The 10 phones Trust Digital studied represented popular models from leading manufacturers. All the phones stored information on flash memory chips, the same technology found in digital cameras and some music players.
Flash memory is inexpensive and durable. But it is slow to erase information in ways that make it impossible to recover. So manufacturers compensate with methods that erase data less completely but don't make a phone seem sluggish.
Will return phones
Trust Digital said it intends to return all the phones to their original owners and said it kept the recovered personal information on a single computer under lock and disconnected from its corporate network at its headquarters in northern Virginia.
Peiter "Mudge" Zatko, a computer security expert, said phone owners should decide whether to auction their used equipment for a few hundred dollars -- and risk revealing their secrets -- or effectively toss their old phones under a large truck to dispose of them.
What about a case like the Lothario whose affair Trust Digital discovered?
"I'd run over the phone," Zatko said. "Maybe give it an acid bath."
Copyright 2006 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.