High-street pawn brokers are failing to properly secure second-hand electronic devices, despite promises to customers that their old smartphones would be securely wiped. The news will be of particular concern to businesses that allow employees to work on personal devices such as smartphones.
A Channel 4 News investigation uncovered several branches of national technology trade-in stores CEX and Cash Converters had failed to properly wipe their customers' devices, and sold them on with personal data still accessible.
With the help of security experts, Channel 4 News was able to extract data both the owners and brokers believed to have been deleted by a basic "factory reset". In addition to photos and web browsing history, they were also able to extract images of corporate documents and bank details.
The report comes as a warning to businesses that are not keeping track of the data their employees are keeping on their personal devices. Sean Sullivan, security advisor for F-Secure, told V3 that the problem goes beyond pawn shops, with phone recycling proving equally risky.
"I've researched the second-hand mobile market, much of it ends up in Africa and they know how to scan those devices," he said. "Everything is most likely scraped before it goes for sale."
"F-Secure's IT department puts a drill through old hard drives, yet even we don't have specific standards for BYOD [bring your own device] end of life. It's a complicated issue."
He concluded: "It's probably a good idea to inform BYOD users on end-of-life expectations, and for IT to offer assistance in wiping phones."
Michael Darlington, technical director at Trend Micro, said that the responsibility must also lie with the devices' users. "With levels of data continuing to skyrocket, this news indicates education is still required on value and security of sensitive information – to counteract this culture of carelessness," he explained.
A spokesman for CEX said: "As technology evolves so do our systems and we are currently rolling out a new procedure that improves on the current erasing technique used in the second-hand phone market."
Meanwhile, chief executive of Cash Converters David Patrick said that his company did "everything in our power" to ensure all data was removed from the devices, saying they were "wiped to a standard level and full factory restores are carried out".