The Inquirer-Home

CEX and Cash Converters are selling smartphones containing users' personal data

UK pawnbrokers are failing to wipe mobiles before re-selling them
Fri Feb 07 2014, 10:31
Smartphones

TWO UK PAWNBROKERS have been selling second-hand smartphones without having first wiped them, a Channel 4 investigation has revealed.

Channel 4's 'data baby' investigation has revealed that pawnbrokers CEX and Cash Converters have been selling second-hand mobile phones containing sensitive information from their previous owners, despite promising these customers that the phones would be fully wiped before being sold on.

This information includes things such as text messages, passwords, credit card details and even hospital records, the probe uncovered, leaving those former owners vulnerable to fraud and indentity theft.

What's more, one of the handsets that Channel 4 picked up contained employment documents that gave the previous owner's company email address and password, while another revealed a teengagers pornographic web browsing history.

The broadcaster partnered with Sensepost during the investigation, a security group that managed to extract sensitive information from a second-hand smartphone in "less than an hour."

Glen Wilkinson, a security analyst at Sensepost said although the handsets that Channel 4 picked up from the pawnbrokers looked as if they had been wiped, sensitive data was easily accessible, with the factory resets being carried out failing to remove all the users' information.

He said, "The phones look like they're completely blank, but the data is still there in the memory. You can use software to find it, and that software is freely available for download. I can teach you how to access the data in 10 minutes."

Cash Convertors CEO David Patrick told Channel 4 that the pawnbroker does wipe phones to some extend, but admitted that the company has been selling on smartphones knowing that sensitive data can still be accessed.

He said, "All phones are wiped to a standard level and full factory restores are carried out. It is our understanding that specialist software may still be able to recover certain information stored on the phone, but we do everything in our power to ensure all personal data is removed from the device."

CEX also commented, saying that the pawnbroker is looking to improve the way that it wipes handsets. A spokesperson for the company said, "As technology evolves so do our systems and we are currently rolling out a new procedure that improves on the current erasing technique used in the second hand phone market."

As if being outed on Channel 4 news for their unsecure practices wasn't enough, the Information Commissioner (ICO) has said that it has launched an investigation into the two pawnbrokers.

Information Commissioner Christopher Graham said that, "I was very surprised and rather disturbed by what Channel 4 News discovered. Apparently the retailers in question had represented those phones as being 'cleaned' but as we've seen they're anything but cleaned.

"There's a wake-up call for consumers: how much data remains on your phone when you've wiped it? And for the retailers: if you say that this has been factory reset, Channel 4 News's report shows this is clearly not enough." µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?