Nude pics, other data, recovered from 'wiped' Android phones purchased on eBay

Researchers purchased "wiped" Android smartphones on eBay, but were still able to restore the personal data.

Restoring Android smartphones to default, or erasing the memory, will not stop attackers from recovering personal information and possibly using it for nefarious purposes, AVAST researchers found after purchasing 20 "wiped" devices on eBay and digging up, altogether, more than 40,000 individual bits of data.

Although there was some overlap, AVAST purchased a variety of devices, including the HTC One X for AT&T, HTC EVO 4G, HTC ThunderBolt ADR6400L for Verizon, HTC Sensation 4G, Samsung Galaxy S2 from Sprint, Samsung Galaxy S3, Samsung Galaxy S4 for AT&T, LG Optimus L9 P769, and Motorola Droid RAZR MAXX XT912.

From all of those devices, more than 40,000 photographs were recovered, according to a Tuesday post. More than 1,500 pictures were family photos of children, more than 750 were nude photos of women, and more than 250 were “selfies” of male genitals presumably taken by the previous owner.

Additionally, more than a thousand Google searches, more than 750 emails and text messages, more than 250 contact names and email addresses, and four identities of previous owners were also recovered, as well as a completed loan application.

No business data or company information was recovered, Jaromír Hořejší, malware analyst with AVAST, told SCMagazine.com in a Tuesday email correspondence.

“We recovered some compromising photos, which may cause significant problems and embarrassment [if] someone published them or used [them] for blackmailing,” Hořejší said. “If some recovered documents contained, for example, passwords, it then may of course lead to identity theft.”

Sensitive information can be recovered from Android smartphones because deleting a file the “regular way” only results in a reference to the file being deleted and the area being marked as free, Hořejší said. In actuality, the entire file just remains where it is until overwritten by something else.

“In a nutshell, first we rooted all the phones, then we cloned 'data' or 'userdata' partitions, then we searched for known patterns and file format signatures, [such as] pictures, databases, coordinates, [and] Facebook chats,” Hořejší said. “All interesting data was recovered from 'data' or 'userdata' partitions. Sometimes the data was stored on the external memory card.”
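Seen from the device owner's side, the same mechanism gives a way to check a wipe before selling a phone. The sketch below is an added example, not AVAST's tooling: it scans a raw partition image for well-known file-format magic bytes and shows that content survives a plain delete but not an overwrite. The image is constructed in memory and the function names are hypothetical.

```python
import io

# Well-known magic bytes that open common file formats.
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "sqlite": b"SQLite format 3\x00",
}

def scan_image(stream, chunk_size=1 << 20):
    """Return {format: sorted offsets} of signature hits in a raw image."""
    overlap = max(len(s) for s in SIGNATURES.values()) - 1
    hits = {name: set() for name in SIGNATURES}
    tail, base = b"", 0              # base = absolute offset of buf[0]
    while chunk := stream.read(chunk_size):
        buf = tail + chunk           # carry a tail so hits spanning chunks are seen
        for name, sig in SIGNATURES.items():
            pos = buf.find(sig)
            while pos != -1:
                hits[name].add(base + pos)   # set: a hit inside the tail repeats
                pos = buf.find(sig, pos + 1)
        tail = buf[-overlap:]
        base += len(buf) - len(tail)
    return {name: sorted(offs) for name, offs in hits.items()}

def build_sample(overwrite):
    """Constructed 64 KiB image holding two 'deleted' files: nothing references
    them any more, but their bytes stay in place unless overwritten."""
    img = bytearray(64 * 1024)
    leftovers = {
        4096: b"\xff\xd8\xff\xe0" + b"A" * 200 + b"\xff\xd9",   # fake JPEG
        20000: b"SQLite format 3\x00" + b"B" * 84,              # fake SQLite header
    }
    for off, data in leftovers.items():
        img[off:off + len(data)] = bytes(len(data)) if overwrite else data
    return bytes(img)

def leftover_count(image):
    """Total signature hits; 0 means no known file headers remain."""
    return sum(len(v) for v in scan_image(io.BytesIO(image)).values())

if __name__ == "__main__":
    for label, ow in (("deleted only", False), ("overwritten", True)):
        print(label, scan_image(io.BytesIO(build_sample(ow))))
```

A zero count only says that no headers of the listed formats remain; it does not prove the image is free of other residual data.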
