Thinking of selling your smartphone or laptop computer? If you have a BlackBerry or an iPhone, go right ahead. If you were planning to sell an Android phone or a computer running Windows XP, however, you may want to think again, McAfee identify theft expert Robert Siciliano says.
Siciliano recently purchased 30 electronic devices from Craigslist — mostly smartphones and laptops — to see how effective normal people are at removing personal information from their gadgets before selling them.
After he got the devices home, Siciliano, who calls himself a wannabe hacker, did some digging around in the phones and computers himself and then sent the machines to a forensics expert, who he describes as "just some kid who knows a lot about computers" to see what personal data he might glean.
Fifteen devices revealed no information about the previous owner's identity, no matter how thoroughly Siciliano and his young forensics specialist looked. But as for those other 15 devices -- they coughed up plenty of private data.
Siciliano said he was able to get bank account information, Social Security numbers, court documents, credit card account log-ins and a host of other personal data off those devices with not much effort.
And the worst part? Most of those devices had already been "wiped" by their previous owner—meaning all personal files had been deleted and the user had restored the device's factory settings as per the manufacturer's instructions.
"What's really scary is even if you follow protocol, the data is still there," Siciliano said.
So, what's the difference between the devices that still reveal personal information after being wiped and those that don't?
Siciliano said it came down to the type of device that was sold and what kind of operating system it was running.
BlackBerries were totally impenetrable, "RIM has fantastic software," he said. "They did a really good job of destroying data when you reset the factory settings."
Similarly, he was unable to get data off devices running iOS such as the iPad and the iPhone. Devices running Windows 7 that are wiped by their owners also got his vote of confidence.
As for smartphones running the Android system and computers running Windows XP, Siciliano said he recommends people don't sell them at all.
"Put it in the back of a closet, or put it in a vice and drill holes in the hard drive, or if you live in Texas take it out into a field and shoot it," he said. "You don't want to sell your identity for 50 bucks."