All the latest UK technology news, reviews and analysis


Second-hand mobile sales present BYOD security threat

07 Feb 2014
Gartner says security of mobile devices will continue to be an issue

High-street pawn brokers are failing to properly secure second-hand electronic devices, despite promises to customers that their old smartphones would be securely wiped. The news will be of particular concern to businesses that allow employees to work on personal devices such as smartphones.

A Channel 4 News investigation uncovered several branches of national technology trade-in stores CEX and Cash Converters had failed to properly wipe their customers' devices, and sold them on with personal data still accessible.

With the help of security experts, Channel 4 News was able to extract data both the owners and brokers believed to have been deleted by a basic "factory reset". In addition to photos and web browsing history, they were also able to extract images of corporate documents and bank details.

The report comes as a warning to businesses that are not keeping track of the data their employees are keeping on their personal devices. Sean Sullivan, security advisor for F-Secure, told V3 that the problem goes beyond pawn shops, with phone recycling proving equally risky.

"I've researched the second-hand mobile market, much of it ends up in Africa and they know how to scan those devices," he said. "Everything is most likely scraped before it goes for sale."

"F-Secure's IT department puts a drill through old hard drives, yet even we don't have specific standards for BYOD [bring your own device] end of life. It's a complicated issue."

He concluded: "It's probably a good idea to inform BYOD users on end-of-life expectations, and for IT to offer assistance in wiping phones."

Further reading: Three quarters of UK businesses fail to secure their old hard disk data

Michael Darlington, technical director at Trend Micro, said that the responsibility must also lie with the devices' users. "With levels of data continuing to skyrocket, this news indicates education is still required on value and security of sensitive information – to counteract this culture of carelessness," he explained.

A spokesman for CEX said: "As technology evolves so do our systems and we are currently rolling out a new procedure that improves on the current erasing technique used in the second-hand phone market."

Meanwhile, chief executive of Cash Converters David Patrick said that his company did "everything in our power" to ensure all data was removed from the devices, saying they were "wiped to a standard level and full factory restores are carried out".

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Michael Passingham
About

Michael Passingham joined V3 as a reporter in June 2013. Prior to working at V3, Michael spent time at computing magazine PC Pro. Michael covers IT skills, social media, tech startups and also produces V3's video content.

View Michael's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Microsoft Azure outage

Is cloud computing reliable enough for business yet?
14%
7%
14%
65%

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

IT Support Administrator

Distribution Technology (DT) is expanding its Technical...

Windows Systems Administrator - Server 2012, Hyper-V, AD, Exchange

Experienced Systems Administrator required to join a...

Desktop Analyst

AQA is the UK’s leading provider of qualifications and...

Desktop User Support

Desktop User Support Overview: The Babraham...
To send to more than one email address, simply separate each address with a comma.