Results 1 to 7 of 7
  1. #1
    Thursday, August 31, 2006
    Don't keep secrets on your cell phone; it might not keep them
    By Associated Press

    WASHINGTON - Don't tell your cell phone any secrets. It might not
    keep them.

    Secondhand phones purchased over the Internet surrendered credit
    card numbers, banking passwords, business secrets and even evidence of
    adultery.

    One married man's girlfriend sent a text message to his cell
    phone: His wife was getting suspicious. Perhaps they should cool it for
    a few days.

    "So," she wrote, "I'll talk to u next week."

    "You want a break from me? Then fine," he wrote back.

    Later, the married man bought a new phone. He sold his old one on
    eBay Inc. for $290.

    The guys who bought it now know his secret.

    The married man had followed the directions in his phone's manual
    to erase all his information, including lurid exchanges with his lover.
    But it wasn't enough.

    Selling your old phone once you upgrade to a fancier model can be
    like handing over your diaries. All sorts of sensitive information pile
    up inside our cell phones, and deleting it may be more difficult than
    you think.

    A popular practice among sellers, resetting the phone, often means
    sensitive information appears to have been erased. But it can be
    resurrected using specialized yet inexpensive software found on the
    Internet.

    A company, Trust Digital of McLean, Va., bought 10 phones on eBay
    this summer to test phone-security tools it sells for businesses. The
    phones all were fairly sophisticated models capable of working with
    corporate e-mail systems.

    Curious software experts at Trust Digital resurrected information
    on nearly all the used phones, including the racy exchanges between
    guarded lovers.

    The other phones contained:

    - One company's plans to win a multimillion-dollar federal
    transportation contract.

    - E-mails about another firm's $50,000 payment for a software
    license.

    - Bank accounts and passwords.

    - Details of prescriptions and receipts for one worker's utility
    payments.

    The recovered information was equal to 27,000 pages _ a stack of
    printouts 8 feet high.

    "We found just a mountain of personal and corporate data," said
    Nick Magliato, Trust Digital's chief executive.

    Many of the phones were owned personally by the sellers but crammed
    with sensitive corporate information, underscoring the blurring of work
    and home. "They don't come with a warning label that says, 'Be
    careful.' The data on these phones is very important," Magliato said.


    One phone surrendered the secrets of a chief executive at a small
    technology company in Silicon Valley. It included details of a pending
    deal with Adobe Systems Inc. and e-mail proposals from a potential
    Japanese partner:

    "If we want to be exclusive distributor in Japan, what kind of
    business terms you want?" asked the executive in Japan.

    Trust Digital surmised that the U.S. chief executive gave his old
    phone to a former roommate, who used it briefly then sold it for $400
    on eBay. Researchers found e-mails covering different periods for both
    men, who used the same address until recently.

    Experts said giving away an old phone is commonplace. Consumers
    upgrade their cell phones on average about every 18 months.

    "Most people toss their phones after they're done; a lot of them
    give their old phones to family members or friends," said Miro
    Kazakoff, a researcher at Compete Inc. of Boston who follows mobile
    phone sales and trends. He said selling a used phone _ which sometimes
    can fetch hundreds of dollars _ is increasingly popular.

    The 10 phones Trust Digital studied represented popular models from
    leading manufacturers. All the phones stored information on flash
    memory chips, the same technology found in digital cameras and some
    music players.

    Flash memory is inexpensive and durable. But it is slow to erase
    information in ways that make it impossible to recover. So
    manufacturers compensate with methods that erase data less completely
    but don't make a phone seem sluggish.

    Phone manufacturers usually provide instructions for safely
    deleting a customer's information, but it's not always convenient
    or easy to find. Research in Motion Ltd. has built into newer
    Blackberry phones an easy-to-use wipe program.

    Palm Inc., which makes the popular Treo phones, puts directions
    deep within its Web site for what it calls a "zero out reset." It
    involves holding down three buttons simultaneously while pressing a
    fourth tiny button on the back of the phone.

    But it's so awkward to do that even Palm says it may take two
    people. A Palm executive, Joe Fabris, said the company made the process
    deliberately clumsy because it doesn't want customers accidentally
    erasing their information.

    Trust Digital resurrected erased e-mails and other information from
    a used Treo phone provided by The Associated Press after it was reset
    and appeared empty. The AP ordinarily purges its phones the correct
    way, but for demonstration purposes turned over a reporter's phone
    that had been simply reset to see whether Trust Digital could recover
    the information. It did.

    Once the AP phone was properly wiped using Palm's awkward
    zero-out technique, no information could be recovered.

    "The tools are out there" for hackers and thieves to rummage
    through deleted data on used phones, Trust Digital's chief technology
    officer, Norm Laudermilch, said. "It definitely does not take a Ph.D."

    Fabris, Palm's director of wireless solutions, said after AP's
    inquiries that the company may warn customers in an upcoming newsletter
    about the risks of selling their used phones. "It might behoove us to
    raise this issue," Fabris said.

    Dean Olmstead of Fresno, Calif., sold his Treo phone on eBay after
    using it six months. He didn't know about Palm's instructions to
    delete safely all his personal information. Now he's worried.

    "I probably should have done that," Olmstead said. "Folks need to
    know this. I'm hoping my phone goes to a nice person."

    Guy Martin of Albuquerque, N.M., wasn't as concerned someone will
    snoop on his secrets. He also sold his Treo phone on eBay and didn't
    delete his information completely.

    "I'm not that kind of valuable person, so I'm not really
    worried," said Martin, who runs the http://www.imusteat.com Web site.
    "I guarantee that three-quarters of the people who buy these phones
    don't think about this."

    Trust Digital found no evidence that thieves or corporate spies are
    routinely buying used phones to mine them for secrets, Magliato said.
    "I don't think the bad guys have figured this out yet."

    President Bush's former cybersecurity adviser, Howard Schmidt,
    carried up to four phones and e-mail devices _ and said he was always
    careful with them. To sanitize his older Blackberry devices, Schmidt
    would deliberately type his password incorrectly 11 times, which caused
    data on them to self-destruct.

    "People are just not aware how much they're exposing themselves,"
    Schmidt said. "This is more than something you pick up and talk on.
    This is your identity. There are people really looking to exploit
    this."

    Executives at Trust Digital agreed to review with the AP the
    information extracted from the used phones on the condition the AP
    would not identify the sellers or their employers. They also showed the
    AP receipts from the Internet auctions in which they bought the 10
    phones over the summer for $192 to $400 each.

    Trust Digital said it intends to return all the phones to their
    original owners and said it kept the recovered personal information on
    a single computer under lock and disconnected from its corporate
    network at its headquarters in northern Virginia.

    Peiter "Mudge" Zatko, a computer security expert, said phone owners
    should decide whether to auction their used equipment for a few hundred
    dollars _ and risk revealing their secrets _ or effectively toss their
    old phones under a large truck to dispose of them.

    What about a case like the Lothario whose affair Trust Digital
    discovered?

    "I'd run over the phone," Zatko said. "Maybe give it an acid
    bath."




    See More: Don't keep secrets on your cell phone; it might not keep them




  2. #2
    Nomen Nescio
    Guest

    Re: Don't keep secrets on your cell phone; it might not keep them

    [email protected] wrote:

    > Thursday, August 31, 2006
    > Don't keep secrets on your cell phone;


    That's some sort of profound revelation?



  3. #3
    Ed Stasiak
    Guest

    Re: Don't keep secrets on your cell phone; it might not keep them

    > [email protected] wrote
    >
    > By Associated Press
    >
    > All the phones stored information on flash memory chips, the same
    > technology found in digital cameras and some music players. Flash
    > memory is inexpensive and durable. But it is slow to erase information
    > in ways that make it impossible to recover.


    So couldn't someone looking to sell their old cell phone just remove
    and destroy the flash memory chip, or this too difficult to do?




  4. #4
    Tinman
    Guest

    Re: Don't keep secrets on your cell phone; it might not keep them

    Ed Stasiak wrote:
    >> [email protected] wrote
    >>
    >> By Associated Press
    >>
    >> All the phones stored information on flash memory chips, the same
    >> technology found in digital cameras and some music players. Flash
    >> memory is inexpensive and durable. But it is slow to erase
    >> information in ways that make it impossible to recover.

    >
    > So couldn't someone looking to sell their old cell phone just remove
    > and destroy the flash memory chip, or this too difficult to do?


    Destroying a phone is a helluva way to be "looking to sell" it.

    (Flash memory is used in more than just removable memory cards.)


    --
    Mike





  5. #5
    Bob Ward
    Guest

    Re: Don't keep secrets on your cell phone; it might not keep them

    On 2 Sep 2006 10:43:29 -0700, "Ed Stasiak" <[email protected]> wrote:

    >> [email protected] wrote
    >>
    >> By Associated Press
    >>
    >> All the phones stored information on flash memory chips, the same
    >> technology found in digital cameras and some music players. Flash
    >> memory is inexpensive and durable. But it is slow to erase information
    >> in ways that make it impossible to recover.

    >
    >So couldn't someone looking to sell their old cell phone just remove
    >and destroy the flash memory chip, or this too difficult to do?



    That kind of reduces the resale value...




  6. #6
    Ed Stasiak
    Guest

    Re: Don't keep secrets on your cell phone; it might not keep them

    > Bob Ward wrote
    > Tinman wrote
    > > Ed Stasiak wrote
    > >
    > > So couldn't someone looking to sell their old cell phone just remove
    > > and destroy the flash memory chip, or this too difficult to do?

    >
    > Destroying a phone is a helluva way to be "looking to sell" it.
    > That kind of reduces the resale value...


    That should have said; "remove and destroy the flash memory
    chip and _replace it_ with a new one", but I'm guessing that's
    not possible?

    If that's the case, then cell phone manufacturers ought to start
    making them that way, as it would encourage consumers to
    replace their phones more often and thus increase sales for
    the phone makers.

    *shrugs* I don't know nut'n about cell phones beyond making
    a phone call and as I've had the same one for 5 years now, I
    doubt it would be worth much if I did try to sell it anyway.




  7. #7
    skip
    Guest

    Re: Don't keep secrets on your cell phone; it might not keep them

    "Ed Stasiak" <[email protected]> wrote in news:1157304807.366755.135630
    @i3g2000cwc.googlegroups.com:

    >> Bob Ward wrote
    >> Tinman wrote
    >> > Ed Stasiak wrote
    >> >
    >> > So couldn't someone looking to sell their old cell phone just remove
    >> > and destroy the flash memory chip, or this too difficult to do?

    >>
    >> Destroying a phone is a helluva way to be "looking to sell" it.
    >> That kind of reduces the resale value...

    >
    > That should have said; "remove and destroy the flash memory
    > chip and _replace it_ with a new one", but I'm guessing that's
    > not possible?
    >
    > If that's the case, then cell phone manufacturers ought to start
    > making them that way, as it would encourage consumers to
    > replace their phones more often and thus increase sales for
    > the phone makers.
    >
    > *shrugs* I don't know nut'n about cell phones beyond making
    > a phone call and as I've had the same one for 5 years now, I
    > doubt it would be worth much if I did try to sell it anyway.
    >
    >

    Damn now I suppose everyone will knnow about my Penis reduction surgery



  • Similar Threads