All the stories out there about data mined off of old devices raise an interesting question: Just how do people get data off of an old device? The answer: very easily. If you can recover old data through data recovery software, so can anyone else. If the police can get into devices, so can identity thieves. From simple oversights like losing an unlocked phone to extensive forensic software, there are tons of ways to get old data if a device is not securely wiped or destroyed.
The simplest and most obvious way people get data off devices is simple negligence or just plain bad timing. You lose your phone and don’t know how to remotely wipe it or find it, or someone gets into the device before you have the chance to wipe it.
Data recovery software.
Here’s where the lack of a secure method of data destruction can really get people into hot water. It may look like deleting files, resetting a device to factory settings or reformatting a hard drive may be enough, but in reality those methods still leave gaps where old data can still be retrieved.
There’s a slew of data recovery software on the market specifically for people who need to get into their old devices and hard drives. These programs can easily pull up lost files, overwritten files and files from reformatted drives. And they’re made to be extremely easy to use.
Hard drives really need to be securely handled or a simple adapter device can pull data right off of them. One such device is the Sabrent USB 3.0 to SATA/IDE Adapter that howtogeek.com recommends using for getting data off of old hard drives. The adapter essentially turns the hard drive into an easy-to-plug-in portable hard drive or flash drive that you can stick into just about any modern computer. From there, the drive just pops up as a removable disk and generally people are good to remove the data. Sometimes a message will pop up telling someone they don’t have access to those files, but some adjustments to file permissions settings can circumvent that.
With the way everything is synced between tablets, phones and laptops these days, people can go in and get data more easily. Wired ran an article about how the police could get data off of devices running iOS 8 like it was child’s play. And they can do it on locked phones. The trick was tested by forensics expert Jonathan Zdziarski, who managed to get into a device to find everything from photos to Twitter content after using forensic software to mimic a trusted computer that the phone had synced to.
“I can do it. I’m sure the guys in suits in the governments can do it,” said Zdziarski to Wired. “And I’m sure that there are at least three or four commercial tools that can still do this, too.”
The method requires a “pairing record,” which is a key that can be found on a computer the device shared with in the past. The key can be accessed with malware into that shared computer. Or if the device was stolen with the shared laptop, that would make a data breach a walk in the park.
As a testament to how weak a factory reset can really be, the computer security company Avast purchased 20 used Android phones. With simple forensics software anyone can purchase (like FTK Imager), they uncovered over 40,000 photos, emails, texts and identities of sellers.
Avast said, “When a file is deleted, the operating system merely deletes the corresponding pointers in the file table and marks the space that is occupied by the file as free. The reality is that the file is not deleted and the data it contained still remains on the drive or storage card.”
So the solution? BlackBerry and iPhones are supposed to delete personal information well. But if you want to sell an Android or Windows XP device, there are several apps that will wipe data and others that will work for anti-theft. The key is to be safe and do your research before you sell or donate any device.
Data apps and other tricks.
Then there are the millions of other little ways people can recover data off phones. These tricks are usually geared for people who just had the bad luck of a computer hard drive fail and now desperately need to recover data without the use of the normally synced computer. But in the hands of data miners, these tricks could upend tons of data on a phone that hasn’t been properly wiped.
A few such tricks were offered by Gigaom, such as using an image capture app to access photos, Macroplant’s iPhone Explorer to pull music lists and using the iPhone Backup Extractor to pull data off of unencrypted backup files.
Ars technica also ran a feature detailing how getting personal data off an iPhone can work from the inside out. Tools like Elcomsoft, which was made by reverse-engineering Apple’s safety protocols, can get users’ personal data. The software even allows a “Password Recovery Master” feature that gets passwords via trying dictionary words and brute-force password guessing.
The importance of data security.
If any of these techniques have a main message, it’s this: Securely destroy your data. Make sure your device is wiped with secure wipe apps. These tactics also really highlight the importance of making sure computers are properly wiped. This may require calling in the professionals to physically destroy hard drives, securely overwrite data or degauss a device.