Mobile phones can never be totally wiped clean of data
Melbourne, Oct 6 :: Each year millions of mobile phones are lost or discarded with
their personal data, which can eventually be extracted by someone or the other, making
cell phones extremely vulnerable to breach of privacy, according to a new study.
The study has shown that cell phones cannot be wiped off completely and hence it can
get risky to discard or recycle the phones, which could contain information like business
plans, details of customer relationships, information on the structure of the company,
details of bank accounts and details about children and other personal relationships.
Unlike a PC, which has an open architecture, mobile phones are closed books in terms of
where data resides.
"It has taken us over a year to get talks going with Nokia that now allows us to wipe
their phones," the Sydney Morning Herald quoted Jon Godfrey, director of Sims Lifecycle
Services, which recycles mobiles, as saying.
He added: "We have to go through a different process with each manufacturer. To wipe
it, you have to be able to access all the memory - and manufacturers don't want you to do
that for all sorts of commercial reasons."
As part of a study into data loss on mobile devices by BT (formerly British Telecom),
Glamorgan University, Australia's Edith Cowan University and Sim Lifecycle Services, the
researchers recovered many handsets from mobile phone recycling companies
The study was aimed at showing just how much data a mobile device could collect about
someone.
The researchers found that people usually underestimated just how much data was held on
their PDAs and phones, and there were a very few individuals who took any care to secure
them against loss or theft.
While, the phone industry is launching new devices that will be able to hold huge
amounts of information and financial services industry aiming to turn mobiles into payment
devices that incorporate credit cards, such vulnerability of mobile phones could prove to
be quite dangerous.
Two years ago Communications-Electronics Security Group, the technical wing of the
British Government's eavesdropping organisation, Government Communications Headquarters,
which is responsible for advising the government on technology vulnerabilities, gave a
private briefing that mobile phones cannot be wiped.
While CESG claimed that measures could be taken to prevent any leak of information via
mobiles, its spokesman did not reveal what those measures are.
According to Godfrey, at Sims Lifecycle Services, says a discarded unwiped phone or PDA
is "a perfect tool for social engineering and it's only going to get worse" as the storage
capacity of mobile devices increases.
"The point of this work is really to bring across to people the risks that mobile
phones present to their personal data," he said.
In the survey, seven per cent of devices were found to have enough personal data on
them for the individual concerned to have their identity stolen and seven per cent would
have allowed a corporate fraud to have taken place.
Another two per cent still had SIM cards in them, while 27 per cent of the BlackBerrys
in the survey had company data and 16 per cent carried personal information.
Of the 161 devices in the survey, many were first-generation GSM phones and only 82
could be made to work, which alone was significant enough, said Dr Andy Jones, head of
information security research at BT's research centre.
Professor Andrew Blyth, of Glamorgan University's computer forensics department, said:
"There are no tools out there at the moment that let you destroy the data on mobile phones
so I think that people need to take the appropriate measures to protect their personal
data." :
--ANI
