How is data taken from devices?
Table of Contents
All the stories out there about data mined off of old devices raise an interesting question. Just how do people get data off of an old device?
The answer: very easily. If you can recover old data through data recovery software, so can anyone else. If the police can get into devices, so can identity thieves.
There are tons of ways to get old data if a device is not securely wiped or destroyed, from simple oversights like losing an unlocked phone to extensive forensic software,
The simplest and most obvious way people get data off devices is simple negligence or just plain bad timing. You lose your phone and don’t know how to remotely wipe it or find it, or someone gets into the device before you have the chance.
Learn about protecting your devices.
Data recovery software
Here’s where the lack of a secure method of data destruction can get people into hot water. It may look like deleting the files, resetting a device to factory settings or reformatting a hard drive may be enough. In reality, those methods still leave gaps where old data can still be retrieved.
There’s a slew of data recovery software on the market specifically for people who need to get into their old devices and hard drives. These programs can easily pull up lost and overwritten files from reformatted drives. And they’re made to be extremely easy to use.
Hard drives need to be securely handled or a simple adapter device can take data from them quite easily. One such device is the Sabrent USB 3.0 to SATA/IDE Adapter. Howtogeek.com recommends the device using for getting data off of old hard drives.
The adapter turns the hard drive into a plug-in portable hard drive or flash drive. From there, you can stick the device into just about any modern computer. After this, the drive just pops up as a removable disk and generally, people are good to remove the data. Sometimes a message will pop up telling someone they don’t have access to those files. However, adjustments to file permissions can work around that.
With the way everything is synced between tablets, phones and laptops these days, people can go in and get data more easily.
Wired ran an article about how the police could get data off of devices running iOS 8 like it was child’s play. And they can do it on locked phones.
The trick was tested by forensics expert Jonathan Zdziarski. He managed to get into a device to find everything from photos to Twitter content after using forensic software to mimic a trusted computer that the phone had synced to.
“I can do it. I’m sure the guys in suits in the governments can do it,” said Zdziarski to Wired. “And I’m sure that there are at least three or four commercial tools that can still do this, too.”
The method requires a “pairing record”. This is a key that can be found on a computer the device shared with in the past. The key can be accessed with malware into that shared computer. Or if the device was stolen with the shared laptop, that would make a data breach very easy to conduct.
A factory reset isn’t enough
As a testament to how weak a factory reset can be, the computer security company Avast purchased 20 used Android phones. With simple forensics software anyone can purchase (like FTK Imager), they uncovered over 40,000 photos, emails, texts and identities of sellers.
Avast said, “When a file is deleted, the operating system merely deletes the corresponding pointers in the file table and marks the space that is occupied by the file as free. The reality is that the file is not deleted and the data it contained still remains on the drive or storage card.”
So the solution? BlackBerry and iPhones are supposed to delete personal information well. But if you want to sell an Android or Windows XP device, there are several apps that will wipe data. The key is to be safe and do your research before you sell or donate any device.
Data apps and other tricks
Then there are the millions of other little ways people can recover data off phones. These tricks are usually geared for people who just had the bad luck of a computer hard drive fail and now desperately need to recover data without the use of the normally synced computer. But in the hands of data miners, these tricks could upend tons of data on a phone that hasn’t been properly wiped.
A few such tricks were offered by Gigaom, such as using an image capture app to access photos, Macroplant’s iPhone Explorer to pull music lists and using the iPhone Backup Extractor to pull data off of unencrypted backup files.
Ars technica also ran a feature detailing how getting personal data off an iPhone can work from the inside out. Tools like Elcomsoft, which was made by reverse-engineering Apple’s safety protocols, can get users’ personal data. The software even allows a “Password Recovery Master” feature that gets passwords via trying dictionary words and brute-force password guessing.
The importance of data security
If any of these techniques have a main message, it’s this: Securely destroy your data. Make sure your device is wiped with secure wipe apps. These tactics also really highlight the importance of making sure computers are properly wiped. This may require calling in the professionals to physically destroy hard drives, securely overwrite data or degauss a device.