Results 1 to 7 of 7
- 09-01-2006, 02:20 PM #1Guest
Thursday, August 31, 2006
Don't keep secrets on your cell phone; it might not keep them
By Associated Press
WASHINGTON - Don't tell your cell phone any secrets. It might not
keep them.
Secondhand phones purchased over the Internet surrendered credit
card numbers, banking passwords, business secrets and even evidence of
adultery.
One married man's girlfriend sent a text message to his cell
phone: His wife was getting suspicious. Perhaps they should cool it for
a few days.
"So," she wrote, "I'll talk to u next week."
"You want a break from me? Then fine," he wrote back.
Later, the married man bought a new phone. He sold his old one on
eBay Inc. for $290.
The guys who bought it now know his secret.
The married man had followed the directions in his phone's manual
to erase all his information, including lurid exchanges with his lover.
But it wasn't enough.
Selling your old phone once you upgrade to a fancier model can be
like handing over your diaries. All sorts of sensitive information pile
up inside our cell phones, and deleting it may be more difficult than
you think.
A popular practice among sellers, resetting the phone, often means
sensitive information appears to have been erased. But it can be
resurrected using specialized yet inexpensive software found on the
Internet.
A company, Trust Digital of McLean, Va., bought 10 phones on eBay
this summer to test phone-security tools it sells for businesses. The
phones all were fairly sophisticated models capable of working with
corporate e-mail systems.
Curious software experts at Trust Digital resurrected information
on nearly all the used phones, including the racy exchanges between
guarded lovers.
The other phones contained:
- One company's plans to win a multimillion-dollar federal
transportation contract.
- E-mails about another firm's $50,000 payment for a software
license.
- Bank accounts and passwords.
- Details of prescriptions and receipts for one worker's utility
payments.
The recovered information was equal to 27,000 pages _ a stack of
printouts 8 feet high.
"We found just a mountain of personal and corporate data," said
Nick Magliato, Trust Digital's chief executive.
Many of the phones were owned personally by the sellers but crammed
with sensitive corporate information, underscoring the blurring of work
and home. "They don't come with a warning label that says, 'Be
careful.' The data on these phones is very important," Magliato said.
One phone surrendered the secrets of a chief executive at a small
technology company in Silicon Valley. It included details of a pending
deal with Adobe Systems Inc. and e-mail proposals from a potential
Japanese partner:
"If we want to be exclusive distributor in Japan, what kind of
business terms you want?" asked the executive in Japan.
Trust Digital surmised that the U.S. chief executive gave his old
phone to a former roommate, who used it briefly then sold it for $400
on eBay. Researchers found e-mails covering different periods for both
men, who used the same address until recently.
Experts said giving away an old phone is commonplace. Consumers
upgrade their cell phones on average about every 18 months.
"Most people toss their phones after they're done; a lot of them
give their old phones to family members or friends," said Miro
Kazakoff, a researcher at Compete Inc. of Boston who follows mobile
phone sales and trends. He said selling a used phone _ which sometimes
can fetch hundreds of dollars _ is increasingly popular.
The 10 phones Trust Digital studied represented popular models from
leading manufacturers. All the phones stored information on flash
memory chips, the same technology found in digital cameras and some
music players.
Flash memory is inexpensive and durable. But it is slow to erase
information in ways that make it impossible to recover. So
manufacturers compensate with methods that erase data less completely
but don't make a phone seem sluggish.
Phone manufacturers usually provide instructions for safely
deleting a customer's information, but it's not always convenient
or easy to find. Research in Motion Ltd. has built into newer
Blackberry phones an easy-to-use wipe program.
Palm Inc., which makes the popular Treo phones, puts directions
deep within its Web site for what it calls a "zero out reset." It
involves holding down three buttons simultaneously while pressing a
fourth tiny button on the back of the phone.
But it's so awkward to do that even Palm says it may take two
people. A Palm executive, Joe Fabris, said the company made the process
deliberately clumsy because it doesn't want customers accidentally
erasing their information.
Trust Digital resurrected erased e-mails and other information from
a used Treo phone provided by The Associated Press after it was reset
and appeared empty. The AP ordinarily purges its phones the correct
way, but for demonstration purposes turned over a reporter's phone
that had been simply reset to see whether Trust Digital could recover
the information. It did.
Once the AP phone was properly wiped using Palm's awkward
zero-out technique, no information could be recovered.
"The tools are out there" for hackers and thieves to rummage
through deleted data on used phones, Trust Digital's chief technology
officer, Norm Laudermilch, said. "It definitely does not take a Ph.D."
Fabris, Palm's director of wireless solutions, said after AP's
inquiries that the company may warn customers in an upcoming newsletter
about the risks of selling their used phones. "It might behoove us to
raise this issue," Fabris said.
Dean Olmstead of Fresno, Calif., sold his Treo phone on eBay after
using it six months. He didn't know about Palm's instructions to
delete safely all his personal information. Now he's worried.
"I probably should have done that," Olmstead said. "Folks need to
know this. I'm hoping my phone goes to a nice person."
Guy Martin of Albuquerque, N.M., wasn't as concerned someone will
snoop on his secrets. He also sold his Treo phone on eBay and didn't
delete his information completely.
"I'm not that kind of valuable person, so I'm not really
worried," said Martin, who runs the http://www.imusteat.com Web site.
"I guarantee that three-quarters of the people who buy these phones
don't think about this."
Trust Digital found no evidence that thieves or corporate spies are
routinely buying used phones to mine them for secrets, Magliato said.
"I don't think the bad guys have figured this out yet."
President Bush's former cybersecurity adviser, Howard Schmidt,
carried up to four phones and e-mail devices _ and said he was always
careful with them. To sanitize his older Blackberry devices, Schmidt
would deliberately type his password incorrectly 11 times, which caused
data on them to self-destruct.
"People are just not aware how much they're exposing themselves,"
Schmidt said. "This is more than something you pick up and talk on.
This is your identity. There are people really looking to exploit
this."
Executives at Trust Digital agreed to review with the AP the
information extracted from the used phones on the condition the AP
would not identify the sellers or their employers. They also showed the
AP receipts from the Internet auctions in which they bought the 10
phones over the summer for $192 to $400 each.
Trust Digital said it intends to return all the phones to their
original owners and said it kept the recovered personal information on
a single computer under lock and disconnected from its corporate
network at its headquarters in northern Virginia.
Peiter "Mudge" Zatko, a computer security expert, said phone owners
should decide whether to auction their used equipment for a few hundred
dollars _ and risk revealing their secrets _ or effectively toss their
old phones under a large truck to dispose of them.
What about a case like the Lothario whose affair Trust Digital
discovered?
"I'd run over the phone," Zatko said. "Maybe give it an acid
bath."
› See More: Don't keep secrets on your cell phone; it might not keep them
- 09-02-2006, 01:50 AM #2Nomen NescioGuest
Re: Don't keep secrets on your cell phone; it might not keep them
[email protected] wrote:
> Thursday, August 31, 2006
> Don't keep secrets on your cell phone;
That's some sort of profound revelation?
- 09-02-2006, 11:43 AM #3Ed StasiakGuest
Re: Don't keep secrets on your cell phone; it might not keep them
> [email protected] wrote
>
> By Associated Press
>
> All the phones stored information on flash memory chips, the same
> technology found in digital cameras and some music players. Flash
> memory is inexpensive and durable. But it is slow to erase information
> in ways that make it impossible to recover.
So couldn't someone looking to sell their old cell phone just remove
and destroy the flash memory chip, or this too difficult to do?
- 09-02-2006, 11:55 AM #4TinmanGuest
Re: Don't keep secrets on your cell phone; it might not keep them
Ed Stasiak wrote:
>> [email protected] wrote
>>
>> By Associated Press
>>
>> All the phones stored information on flash memory chips, the same
>> technology found in digital cameras and some music players. Flash
>> memory is inexpensive and durable. But it is slow to erase
>> information in ways that make it impossible to recover.
>
> So couldn't someone looking to sell their old cell phone just remove
> and destroy the flash memory chip, or this too difficult to do?
Destroying a phone is a helluva way to be "looking to sell" it.
(Flash memory is used in more than just removable memory cards.)
--
Mike
- 09-02-2006, 11:40 PM #5Bob WardGuest
Re: Don't keep secrets on your cell phone; it might not keep them
On 2 Sep 2006 10:43:29 -0700, "Ed Stasiak" <[email protected]> wrote:
>> [email protected] wrote
>>
>> By Associated Press
>>
>> All the phones stored information on flash memory chips, the same
>> technology found in digital cameras and some music players. Flash
>> memory is inexpensive and durable. But it is slow to erase information
>> in ways that make it impossible to recover.
>
>So couldn't someone looking to sell their old cell phone just remove
>and destroy the flash memory chip, or this too difficult to do?
That kind of reduces the resale value...
- 09-03-2006, 11:33 AM #6Ed StasiakGuest
Re: Don't keep secrets on your cell phone; it might not keep them
> Bob Ward wrote
> Tinman wrote
> > Ed Stasiak wrote
> >
> > So couldn't someone looking to sell their old cell phone just remove
> > and destroy the flash memory chip, or this too difficult to do?
>
> Destroying a phone is a helluva way to be "looking to sell" it.
> That kind of reduces the resale value...
That should have said; "remove and destroy the flash memory
chip and _replace it_ with a new one", but I'm guessing that's
not possible?
If that's the case, then cell phone manufacturers ought to start
making them that way, as it would encourage consumers to
replace their phones more often and thus increase sales for
the phone makers.
*shrugs* I don't know nut'n about cell phones beyond making
a phone call and as I've had the same one for 5 years now, I
doubt it would be worth much if I did try to sell it anyway.
- 09-03-2006, 11:39 AM #7skipGuest
Re: Don't keep secrets on your cell phone; it might not keep them
"Ed Stasiak" <[email protected]> wrote in news:1157304807.366755.135630
@i3g2000cwc.googlegroups.com:
>> Bob Ward wrote
>> Tinman wrote
>> > Ed Stasiak wrote
>> >
>> > So couldn't someone looking to sell their old cell phone just remove
>> > and destroy the flash memory chip, or this too difficult to do?
>>
>> Destroying a phone is a helluva way to be "looking to sell" it.
>> That kind of reduces the resale value...
>
> That should have said; "remove and destroy the flash memory
> chip and _replace it_ with a new one", but I'm guessing that's
> not possible?
>
> If that's the case, then cell phone manufacturers ought to start
> making them that way, as it would encourage consumers to
> replace their phones more often and thus increase sales for
> the phone makers.
>
> *shrugs* I don't know nut'n about cell phones beyond making
> a phone call and as I've had the same one for 5 years now, I
> doubt it would be worth much if I did try to sell it anyway.
>
>
Damn now I suppose everyone will knnow about my Penis reduction surgery
Similar Threads
- Verizon
- General Service Provider Forum
- alt.cellular.nextel
- alt.cellular
- Verizon
Aws gpu
in Chit Chat