Delicious Digg Facebook Favorites More Stumbleupon Twitter

Improperly Disposing Old Mobile Phones Could Leave Users Vulnerable to Data Theft and other Cyber Threats, Warns SANS Institute

The Middle East is one of the
leading markets for smartphones and countries such as the UAE and Saudi Arabia
boast over 90% smartphone
penetration[1] – among the highest in the
world. Smartphone manufacturers are well aware of this and top brands such as
Apple and Samsung now have just one year upgrade cycles on their flagship
models.

As a result, many consumers change their phones as often as once a year. This
enables them to enjoy the impressive features that the latest models offer, but
few give thought to disposing their old phones in the proper manner. In doing
so, they fail to acknowledge the security implications of their actions and thus
expose themselves to the threat of data theft.

« Today, mobile devices store far more sensitive data than users realize, often
more than their personal computers. This information can include where they
live, work and the places they visit frequently ; contact information for their
friends, family and co-workers ; messages and chats ; web-browsing history ;
personal photos, cloud storage and email ; and even stored passwords and access
to highly sensitive services such as online banking. Even a few leaked details
can leave users vulnerable to social engineering and phishing attacks which open
the floodgates to even more malicious and damaging attacks such as identify
theft, and cyber fraud, » says Ned Baltagi, Managing Director, Middle East &
Africa at SANS.

Luckily, if users are ready to make a conscious effort, they can effectively
safeguard themselves from such threats. SANS Institute recommends a few,
relatively easy steps which are as follows :

Wiping the Device

Regardless of how you dispose of your old smartphone, such as donating it,
exchanging it for a new one, giving it to another family member, reselling it,
or even throwing it out, you need to first make sure that you erase all the
sensitive data.

It is extremely important to keep in mind that simply deleting data is not
enough ! There are many tools readily available on the internet which can recover
this data. Instead, users need to ‘wipe’ their phones- a process that involves
not only deleting the stored information but overwriting it, often multiple
times, thus rendering it unrecoverable. Of course, this also means users need to
properly backup their phone prior to the process.

An easy way to wipe data from a smartphone is to use the phone’s inbuilt
‘factory-reset’ feature. While this works effectively for the iOS and Android
operating systems, it isn’t effective for Windows phones. Also, for this to be
effective, its important to first encrypt the phone before running the factory
reset as this ensure that the data is unreadable once restored to factory
settings.

SIMs and External Memory Cards

In addition to storing data on the device itself, smartphones tend to save some
information on the SIM. Unlike the phone’s internal storage, a factory reset
does not wipe data from the SIM. Often, when moving from one device to a newer
model, due to size differences, or the need to change the mobile number, users
need to purchase a new SIM card. In such scenarios, it is best to physically
shred or destroy the old card to prevent it from being reused.

To offer users added flexibility, many smartphones support external memory
cards. Over time, these cards accumulate information such as pictures,
application data, and other sensitive content. While these cards can be
transferred from one device to another, this might not always be possible or
desirable- for instance, the new phone may not support an external memory card,
or the user might require a card with great storage. As was the case with the
SIM card, users should consider physically destroying unused memory cards rather
than leave them lying about.

In the coming year, the number of cyber threats will no doubt increase. For
security professionals, institutions such as SANS raise cyber security awareness
and competency by offering professional training courses. As technology
integrates more with everyday life, consumers too need to develop such security
consciousness.

Source:: Global Security Mag

Text Widget

Aliquam ut tellus ligula. Nam blandit massa nec neque rutrum a euismod t ellus ultricies! Phasellus nulla tellus, fringilla quis tristique ornare, condi mentum non erat. Aliquam congue or nare varius.