Nude pics, other data, recovered from 'wiped' Android phones purchased on eBay

Researchers purchased "wiped" Android smartphones on eBay, but were still able to restore the personal data.

Restoring Android smartphones to default, or erasing the memory, will not stop attackers from recovering personal information and possibly using it for nefarious purposes, AVAST researchers found after purchasing 20 "wiped" devices on eBay and digging up, altogether, more than 40,000 individual bits of data.

Although there was some overlap, AVAST purchased a variety of devices, including the HTC One X for AT&T, HTC EVO 4G, HTC ThunderBolt ADR6400L for Verizon, HTC Sensation 4G, Samsung Galaxy S2 from Sprint, Samsung Galaxy S3, Samsung Galaxy S4 for AT&T, LG Optimus L9 P769, and Motorola Droid RAZR MAXX XT912.

From all of those devices, more than 40,000 photographs were recovered, according to a Tuesday post. More than 1,500 pictures were family photos of children, more than 750 were nude photos of women, and more than 250 were “selfies” of male genitals presumably taken by the previous owner.

Additionally, more than a thousand Google searches, more than 750 emails and text messages, more than 250 contact names and email addresses, and four identities of previous owners were also recovered, as well as a completed loan application.

No business data or company information was recovered, Jaromír Hořejší, malware analyst with AVAST, told SCMagazine.com in a Tuesday email correspondence.

“We recovered some compromising photos, which may cause significant problems and embarrassment [if] someone published them or used [them] for blackmailing,” Hořejší said. “If some recovered documents contained, for example, passwords, it then may of course lead to identity theft.”

Sensitive information can be recovered from Android smartphones because deleting a file the “regular way” only results in a reference to the file being deleted and the area being marked as free, Hořejší said. In actuality, the entire file just remains where it is until overwritten by something else.

“In a nutshell, first we rooted all the phones, then we cloned 'data' or 'userdata' partitions, then we searched for known patterns and file format signatures, [such as] pictures, databases, coordinates, [and] Facebook chats,” Hořejší said. “All interesting data was recovered from 'data' or 'userdata' partitions. Sometimes the data was stored on the external memory card.”
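
The method Hořejší describes is signature-based carving, which also works as a check that a wipe actually removed data. The sketch below is an added example, not AVAST's tooling: it scans a constructed in-memory image (hypothetical names and sample bytes throughout) for file headers, then repeats the scan after every block has been overwritten.

```python
# Added example: signature scan over a constructed partition image.
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "sqlite": b"SQLite format 3\x00",
}
JPEG_EOI = b"\xff\xd9"


def scan(image: bytes):
    """Return sorted (offset, kind) pairs for every known header in image."""
    hits = []
    for kind, magic in SIGNATURES.items():
        pos = image.find(magic)
        while pos != -1:
            hits.append((pos, kind))
            pos = image.find(magic, pos + 1)
    return sorted(hits)


def carve_jpeg(image: bytes, offset: int, max_len: int = 8 * 1024 * 1024):
    """Carve from a JPEG header to the first end-of-image marker, or None."""
    end = image.find(JPEG_EOI, offset + 3, offset + max_len)
    return None if end == -1 else image[offset:end + 2]


def build_image():
    """Constructed 'userdata' image: free space still holding two deleted files."""
    photo = b"\xff\xd8\xff\xe0" + b"JFIF\x00" + b"pixel-data" * 20 + JPEG_EOI
    db = SIGNATURES["sqlite"] + b"contacts-table" * 10
    img = bytearray(b"\x00" * 4096)
    img[512:512 + len(photo)] = photo   # file unlinked, blocks untouched
    img[2048:2048 + len(db)] = db
    return bytes(img), photo


def overwrite(image: bytes):
    """Model a wipe that overwrites every block instead of only unlinking."""
    return b"\x00" * len(image)


if __name__ == "__main__":
    image, photo = build_image()
    print("after delete:", scan(image))
    print("photo intact:", carve_jpeg(image, 512) == photo)
    print("after overwrite:", scan(overwrite(image)))
```

An empty scan result after the overwrite is the outcome a seller wants to see before a device leaves their hands.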
