All the latest UK technology news, reviews and analysis

Second-hand mobile sales present BYOD security threat

07 Feb 2014
Gartner says security of mobile devices will continue to be an issue

High-street pawn brokers are failing to properly secure second-hand electronic devices, despite promises to customers that their old smartphones would be securely wiped. The news will be of particular concern to businesses that allow employees to work on personal devices such as smartphones.

A Channel 4 News investigation uncovered several branches of national technology trade-in stores CEX and Cash Converters had failed to properly wipe their customers' devices, and sold them on with personal data still accessible.

With the help of security experts, Channel 4 News was able to extract data both the owners and brokers believed to have been deleted by a basic "factory reset". In addition to photos and web browsing history, they were also able to extract images of corporate documents and bank details.

The report comes as a warning to businesses that are not keeping track of the data their employees are keeping on their personal devices. Sean Sullivan, security advisor for F-Secure, told V3 that the problem goes beyond pawn shops, with phone recycling proving equally risky.

"I've researched the second-hand mobile market, much of it ends up in Africa and they know how to scan those devices," he said. "Everything is most likely scraped before it goes for sale."

"F-Secure's IT department puts a drill through old hard drives, yet even we don't have specific standards for BYOD [bring your own device] end of life. It's a complicated issue."

He concluded: "It's probably a good idea to inform BYOD users on end-of-life expectations, and for IT to offer assistance in wiping phones."

Further reading: Three quarters of UK businesses fail to secure their old hard disk data

Michael Darlington, technical director at Trend Micro, said that the responsibility must also lie with the devices' users. "With levels of data continuing to skyrocket, this news indicates education is still required on value and security of sensitive information – to counteract this culture of carelessness," he explained.

A spokesman for CEX said: "As technology evolves so do our systems and we are currently rolling out a new procedure that improves on the current erasing technique used in the second-hand phone market."

Meanwhile, chief executive of Cash Converters David Patrick said that his company did "everything in our power" to ensure all data was removed from the devices, saying they were "wiped to a standard level and full factory restores are carried out".

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Michael Passingham

Michael Passingham joined V3 as a reporter in June 2013. Prior to working at V3, Michael spent time at computing magazine PC Pro. Michael covers IT skills, social media, tech startups and also produces V3's video content.

View Michael's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

IT curriculum poll

With coding now compulsory in schools, how important are digital skills for the next generation of school leavers?

Popular Threads

Powered by Disqus
LG G3 in gold black and white

LG G3 vs Galaxy S5 video

We pit the two Korean firms' flagship smartphones against each other

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

[Mandarin] Technical Support

The Role We are looking for highly motivated, technically...

DBA (Database Administrator) - Preferably SQL Server with Oracle

Our client is seeking a DBA to work within its State...

DBA (Database Administrator) - Preferably SQL Server with Oracle

Our client is seeking a DBA to work within its State...

DBA (Database Administrator) - Preferably SQL Server with Oracle

Our client is seeking a DBA to work within its State...
To send to more than one email address, simply separate each address with a comma.