Private data and second-hand sales- Data delusion on private devices
Sandy Neulane
22 May 2022
Kaspersky’s Global Research and Analysis Team (GReAT) has examined security in secondhand devices. The devices, which DACH research heads Marco Preuss and Christian Funk scrutinized for two months in late 2020, included used laptop computers and a variety of storage media such as hard drives and memory cards.
Their goal was not to determine differences according to device type but rather to examine the data on them — to learn how electronic data relates to person-to-person or other secondary market sales.
Findings
An overwhelming majority of the devices the researchers examined contained at least some traces of data — mostly personal but some corporate — and more than 16% of the devices gave the researchers access outright. Another 74% gave up the goods when the researchers applied file-carving methods. A bare 11% had been wiped properly. The data Preuss and Funk found included items that could potentially be harmless or terribly revealing and even dangerous: calendar entries, meeting notes, company resource access data, internal documents, personal photos, medical information, tax documents, and more. Furthermore, as Funk pointed out, personal data doesn’t tend to lose value over time; you can’t simply wait out the risk and feel safer after some time passes.
The malware?
It’s safe to say no one else shares your precise tolerance for digital device security. Some may lock things up even tighter than you do, but if you’re buying secondhand, it’s not unlikely you’ll receive not just someone else’s data but also bonus malware. Of the devices Preuss and Funk examined, 17% triggered our virus scanner alarms.
Seller, beware!
Although approximately 10% of the survey’s respondents had been given devices on which they found the seller’s info, not many of them would ignore, immediately delete, or report found data to the original owner or any authorities. Beyond just taking a peek (which 74% of respondents said they’d find a way to do), more than 1 in 10 admitted they would sell the data they found if they thought they could profit from it.
The United Kingdom’s National Cyber Security Center provides some practical advice for buyers and sellers of second hand electronic devices, from backing up personal data to making sure the device is as clean as a new one would be.Direct Publication Source: https://www.kaspersky.com/blog/data-on-used-devices/38610/
Comments