Used PDAs and Smartphones Pose Data Risk
Used smartphones and PDAs for sale on eBay and other online sites can be loaded with sensitive personal and corporate information ranging from banking records to text messages and corporate emails that can be easily retrieved by hackers and data thieves, according to a sampling by mobile security software provider Trust Digital.
Trust Digital engineers recovered nearly 27,000 pages of personal, corporate, and device data from nine of 10 mobile devices purchased through eBay for the project, including a smartphone sold by an employee of a major corporation. The salvaged data included personal banking and tax information, corporate sales activity notes, corporate client records, product roadmaps, contact address books, phone and Web logs, calendar records, personal and business correspondence, computer passwords, user medication information, and other private, competitive or potentially damaging material.
The information was retained in the flash memory of the devices because of users’ failure to perform the advanced hard reset required to delete the data. The nine devices with retrievable data included those belonging to a former employee of a publicly traded security software company, an employee of a web services firm, and a corporate counsel of a multi-billion dollar technology company serving the legal market. The tenth device in the test was never used.
The analysis highlighted the vulnerability of individuals and organizations that fail to secure the data on their smartphones and PDAs. Loss or theft of the devices could lead to embarrassment, major breaches of corporate security, or even blackmail.
“Personal and corporate data is being sold on the open market through eBay, and it’s also available to anyone who finds, steals or purchases a used smartphone or PDA from any other source. With nearly 2 billion smartphones currently on the market, the potential for having this information fall into the wrong hands is staggering,” said Nick Magliato, CEO of Trust Digital. “The general public needs to immediately be made aware of this fact. Whether you’re talking about pilfering an individual’s private files or stealing corporate secrets, this adds up to a very real data theft epidemic,” Magliato noted.
Consumers can protect themselves by enabling the password function on their devices, asking their cellular carriers for information about data security, and “hard wiping” their devices before selling them. Owners of Palm Treo 650s and RIM devices should consult the respective vendors to access the built-in hard wipe function. For other devices, commercial hard wipe products are available.
Palm Zero Out Reset
For Palm devices with NVFS memory, a "Zero Out Reset" is needed to properly delete all data on the device. The former hard-reset method does not completely remove personal data from flash memory. Palm has step-by-step instructions on how to perform a Zero Out Reset in this Knowledge Base article.
Article Comments
(27 comments)
The following comments are owned by whoever posted them. PalmInfocenter is not responsible for them in any way.
RE: Secret!
But the developer keeps making ridiculously incremental changes and calling it a "new version," which keeps me from purchasing licenses on any larger scale. It's a $30 program - why should I pay nearly half that amount again because he fixed a couple things? (Version 3.x to 3.5: $12!) http://linkesoft.com/secret/order.html
More and more I'm avoiding developers that can't agree to include bugfixing their own coding and basic improvements to accommodate incremental hardware changes without demanding payment for their "new" version.
Guys like Ranosoft.net are the cream of the developer community - pay me once for a license, and you are guaranteed license to my current version - no B.S. I've bought stuff from him I marginally wanted, just because I knew it would encourage him to keep improving it. Iambic used to have that policy and I used to recommend them heartily - but since around version 4 or 5 they went down the "other road" of milking every improvement or adjustment into a "major upgrade" that co$ts, co$ts, co$ts. I think it's costing THEM in the long run...
Iambic is the king of upgrade charges!!!
Iambic is the King of charging for bug fixes pretending to be upgrades.
They put out junk code, then charge for the 10.1 version which fixes it, then charge for 10.2 which fixes v10.0 & v10.2. I quit purchasing their products years ago. I think I owned v8 last. Never again.
They have a profit center built around charging for their own bug fixes.
I quit them a couple years ago. They're the worst kind of software company.
RE: Secret!
What I hope is that Iambic eventually hears what customers say, and changes their vision. It seems however that there are enough Palm users to say, "oooh, it's really shiny", put up with a low quality experience, and put up the $$$.
I once had a terrible support experience with one of their coders. Their handheld organizer application offered repeating todos that didn't seem to work if you used Palm Desktop to check off todos. Since Palm Desktop use should be somewhat taken for granted, I explained the context and asked their support people to confirm that this was a bug. The guy came back to me, ignored my request and just gave terse instructions on using the feature on the handheld. I asked again, being perfectly clear, and the guy sent a sneering reply and repeated instructions for using the feature on the handheld. I tried one more time and got an even more sarcastic and sneering reply.
His attitude was pure Iambic: "I'm going to treat you like a moron, because, let's face it, if you weren't a moron you wouldn't be using our product."
I learned my lesson. :)
------
"People who like M$ products tend to be insecure crowd-following newbies lacking in experience and imagination."
Attitude
Good service is based on valuing the customer. Why treat them as a competitor? Even professionals do not treat one another with disrespect. We listen to all and accept that freedom of speech requires discipline and respect.
True some people when sad act out of character.
E-T
Completing the e-com circle with a people driven we-com offering
what about desktop security?
But Secret does NOT prevent Hotsyncing to PC or protect info being HS-ed to a PC? If this is true, then wouldn't ID thieves be able to just HS the info to a PC and then use hex tools to read the over-there unencrypted data?
"Do you know the difference between an error and a mistake? Anyone can make an error, but that error doesn't become a mistake until you refuse to correct it."
-Grand Admiral Thrawn
the secret to enjoying your job is to have a hobby that's even worse
My PDAs: Visor --> Visor Neo (blue) --> Zire 71 --> Tungsten T3 (with 4 _GOLDEN_ screws) + zodiac 2
RE: Secret!
i do not know about any secret.
But i can share some thoughts on desk top security.
You will need a we-com virtual wallet to assure you will always have access to your thoughts. Regardless of how angry, upset, emotional a good friend can get when his feelings are hurt or change occurs in management.
A we-com virtual wallet will not deal with issues of site management, which would contradict some fundamental freedoms that make this whole place do what it does. What it will do is assuring your thoughts are yours and no one else's.
To build requires our own thoughts shared collaboratively as individuals without other issues causing desk top security issues...
Peace,
E-T
e-tellurian
Completing the e-com circle with a people driven we-com solution
WiFi & BT? No strings attached
we_tellurian@canada.com
RE: Secret!
ackmond - Secret! encrypts the palm database file (.pdb) so even if it is synced to the PC via hot sync backup, it is useless without the encryption key. Details are on the developer's site.
RE: Secret!
Off topic:
Eh i wrote some "crap" over at PDA. You folks are not alone. Hopefully it will cheer some folks up.
We have an offer on the table. It just has to be tabled in a way that will not exclude any core thoughts, while not breaking any securities laws. True, this is new, however, can link all together under research umbrellas?
Where is our resident cyber lawyer? Some have to start recovering our democratic capital. Dividends, Royalties, %, whatever is going to be best for the share holders based on the e-tellurian offer?
Any thoughts?
E-T
e-tellurian
Completing the e-com circle with a people driven we-com solution
WiFi & BT? No strings attached
we_tellurian@canada.com
Palm Zero Out Reset
Anyone ever tried to do this Palm Zero Out Reset? You need to be a friggin contortionist with 3 hands and 33 fingers in order to pull it off - and even then it only works 1/100 times.
RE: Palm Zero Out Reset
But to those of us who have been with Palms since the US Robotics days... it takes a leap of understanding to remember to do this process, as leaving out the batteries after a hard-reset used to be foolproof for cleaning out the memory. No longer in the new NVFS days.
Now the 700p has some of Palm's engineering fingerprints on it - no longer can you clear out the NVFS with a stylus, hotsync cable and a bit of contortion. Oh, no - *NOW* you have to (1) be smart enough to know about this issue, and (2) patient enough to call your cell carrier and educate their service people enough about a "zero out reset for a 700p ("no, not the 650 method - the 700p...")" so that they (3) take the time to give you a custom "##" code and instructions to activate it via the keypad. The 650 method was MUCH quicker and foolproof, you're at the mercy of the Carrier's skillset on this one.
It's pretty obvious why 9 out of 10 devices contain data - it doesn't seem the device manufacturers or carriers have much interest in protecting your data. People with that same mindset download boatloads of your social security information into their laptops and leave them on the passenger seat of their cars as they drink themselves silly on the way home from work. And they leave it to *YOU* to clean up the mess they make.
RE: Palm Zero Out Reset
Since data security when selling our old phone is a huge issue you need to be sure and I for one do not trust Palm on this matter.
Treo 700w
we-com virtual wallet data security
this is the one big negative of the we-com virtual wallet IMO. the prototypes that i have seen are not confirmed to be 100% data secure. i'm guessing this is why E-T and the we-com crew have been struggling to bring it to market despite LOTS of interest from all of the big venture capital players. but if it hits, it will hit BIG.
RE: we-com virtual wallet data security
In other words, the Treos have so little memory on board that when the SD card is removed it is impossible to contain enough data to actually qualify as "sensitive". Simply load a couple of unit conversion freeware apps and the memory will be full, effectively erasing all past data. 32mb was superior foresight by Palm.
Cheers
Pat Horne
RE: we-com virtual wallet data security
Our crew does not want to sink e-knarr, we are fully aware of choices and consequences.
FIOS must be rock solid. We would not choose to see interaction between new IT (internet technology) compromise IT (information technology) and vice versa. Working to enhance wallets is what we choose.
Our group has spent many years interacting with great minds. These minds do not work for free, hence why our markets unlike others value the concept of equity.
E-T
Completing the e-com circle with a people driven we-com offering
RE: we-com virtual wallet data security
People driven hardware is needed too.
E-T
Completing the e-com circle with a people driven we-com offering
RE: we-com virtual wallet data security
equity drives decisions. without equity, there are no real decisions. however, no decision is a decision. the crew has spent many years working without much pay or equity. is this why we are still facing the wall? who do we choose to add to the people we already have? how do we use our collective thoughts to jump over the wall? If US222 billion and CAN $250,000,000 at risk can not drive this concept home, what can? how many decades must we wait? choices, decisions, consequences. peace.
RE: we-com virtual wallet data security
If people are not free to securely pursue their thoughts with the choice to share the wealth of this freedom with those that have risked their thoughts, then what is the purpose of choices?
Not all are going to want a secure way to exchange capital free of human abuse. Some have become so tired of the abuse of humanity that they have chosen more choices.
We are not offering this to all just those that can/want to choose.
E-T
Completing the e-com circle with a people driven we-com offering
RE: we-com virtual wallet data security
Peace,
E-T
Completing the e-com circle with a people driven we-com offering
RE: we-com virtual wallet data security
Pat Horne
RE: we-com virtual wallet data security
Blessed are those who have been persecuted for righteousness' sake, for theirs is the Kingdom of Heaven.
RE: we-com virtual wallet data security
A we-com virtual wallet will help with your comment. Thanks for the we_tellurian now i am accused of breaking more rules.
E-T
Completing the e-com circle with a people driven we-com offering
Security a two way street
If we are going to focus on one then we must focus on the other. Temptation is what it is.
We see value in the development of a we-com virtual wallet. The development of such choices between nations that have shared thoughts for a prototype is logical.
New hardware will be needed to offer secure FI choices. If US222 billion and CAN $250,000,000 did not occur we would have more choices. Either way we have more choices now more purpose too.
Peace,
E-T
Completing the e-com circle with a people driven we-com offering
RE: Security a two way street
Much of this thread is unreadable to those of us who are hesitating on your kool-aid party.
Secret!
i love this app for the protection of my data:
http://linkesoft.com/secret/palm.html