google

Tuesday, October 7, 2008

Mobile phones can never be totally wiped clean of data - Yahoo News - 06 Oct 2008

Melbourne, Oct 6 (ANI): Each year millions of mobile phones are lost or discarded with their personal data, which can eventually be extracted by someone or the other, making cell phones extremely vulnerable to breach of privacy, according to a new study.

The study has shown that cell phones cannot be wiped off completely and hence it can get risky to discard or recycle the phones, which could contain information like business plans, details of customer relationships, information on the structure of the company, details of bank accounts and details about children and other personal relationships.

Unlike a PC, which has an open architecture, mobile phones are closed books in terms of where data resides.

"It has taken us over a year to get talks going with Nokia that now allows us to wipe their phones," the Sydney Morning Herald quoted Jon Godfrey, director of Sims Lifecycle Services, which recycles mobiles, as saying.

He added: "We have to go through a different process with each manufacturer. To wipe it, you have to be able to access all the memory - and manufacturers don't want you to do that for all sorts of commercial reasons."

As part of a study into data loss on mobile devices by BT (formerly British Telecom), Glamorgan University, Australia's Edith Cowan University and Sim Lifecycle Services, the researchers recovered many handsets from mobile phone recycling companies

The study was aimed at showing just how much data a mobile device could collect about someone.

The researchers found that people usually underestimated just how much data was held on their PDAs and phones, and there were a very few individuals who took any care to secure them against loss or theft.

While, the phone industry is launching new devices that will be able to hold huge amounts of information and financial services industry aiming to turn mobiles into payment devices that incorporate credit cards, such vulnerability of mobile phones could prove to be quite dangerous.

Two years ago Communications-Electronics Security Group, the technical wing of the British Government's eavesdropping organisation, Government Communications Headquarters, which is responsible for advising the government on technology vulnerabilities, gave a private briefing that mobile phones cannot be wiped.

While CESG claimed that measures could be taken to prevent any leak of information via mobiles, its spokesman did not reveal what those measures are.

According to Godfrey, at Sims Lifecycle Services, says a discarded unwiped phone or PDA is "a perfect tool for social engineering and it's only going to get worse" as the storage capacity of mobile devices increases.

"The point of this work is really to bring across to people the risks that mobile phones present to their personal data," he said.

In the survey, seven per cent of devices were found to have enough personal data on them for the individual concerned to have their identity stolen and seven per cent would have allowed a corporate fraud to have taken place.

Another two per cent still had SIM cards in them, while 27 per cent of the BlackBerrys in the survey had company data and 16 per cent carried personal information.

Of the 161 devices in the survey, many were first-generation GSM phones and only 82 could be made to work, which alone was significant enough, said Dr Andy Jones, head of information security research at BT's research centre.

Professor Andrew Blyth, of Glamorgan University's computer forensics department, said: "There are no tools out there at the moment that let you destroy the data on mobile phones so I think that people need to take the appropriate measures to protect their personal data." (ANI)

No comments: