
Avast bought your phone on eBay & recovered what you thought you ‘wiped’

“This guy was really into anime porn,” says Caroline James, PR manager for Avast, pointing to a spread of papers with pictures of data taken from 20 smartphones purchased on eBay.

Security software firm Avast bought the phones as a test to see what they could find on theoretically “wiped” phones. What they found was a virtual goldmine of information: 40,000 photos — including nudie pics — 750 emails and texts, 250 names and addresses, one completed loan application, and a whole lot more. Only one of the phones had security software loaded on it, but that phone gave up some of the most sensitive information.

Hackers at Avast were able to identify the previous owner, access his Facebook page, plot his previous whereabouts through GPS coordinates, and find the names and numbers of more than a dozen of his closest contacts. What’s more, the company discovered a lot about this guy’s penchant for kink and a completed copy of a Sexual Harassment course — hopefully a preventative measure.

That’s some serious intel from a phone you thought you’d wiped clean.

The stunt is a part of an awareness campaign by Avast to make people, specifically Americans, realize just how insecure their mobile phones are — and to sell their mobile software for Android.

Only 14 percent of Americans installed anti-virus software on their phone, according to a recent Consumer Reports study. And only 8 percent use software that could erase their phone remotely. As Avast points out, factory resets aren’t as thorough as we think they are.

That’s because when you delete a file, it’s not really deleted. Rather, the operating system deletes the pointers that correspond to the file and marks the space the file occupies as available, so that it can eventually be overwritten. Until it is overwritten, the file can still be restored. This is true for your cellphone and your PC.

(See VentureBeat’s earlier coverage of this issue: “5 alarming things that can be undeleted from your phone.”)

“Selling your used phone is a good way to make a little extra money, but it’s a bad way to protect your privacy,” said Jude McColgan, the president of mobile at Avast. The company boasts that its mobile software doesn’t just erase pointers; it overwrites the file, making it irretrievable.
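The difference between erasing pointers and overwriting, shown as an added example (not from the article and not Avast's software). `ToyDisk`, `residual_jpegs` and the sample bytes are constructed for illustration: a toy in-memory block store, not a real filesystem.

```python
BLOCK = 16  # bytes per block in this constructed toy model

class ToyDisk:
    def __init__(self, nblocks):
        self.raw = bytearray(nblocks * BLOCK)  # the physical storage
        self.table = {}                        # name -> block list (the "pointers")
        self.free = list(range(nblocks))       # blocks available for reuse

    def write(self, name, data):
        need = -(-len(data) // BLOCK)          # ceiling division
        blocks = [self.free.pop(0) for _ in range(need)]
        for i, b in enumerate(blocks):
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.table[name] = blocks

    def delete(self, name):
        """Ordinary delete: drop the pointer, mark blocks free, leave the bytes."""
        self.free.extend(self.table.pop(name))

    def overwrite_delete(self, name):
        """Zero every block the file occupies, then drop the pointer."""
        for b in self.table[name]:
            self.raw[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)
        self.delete(name)

def residual_jpegs(raw):
    """Post-wipe check: scan raw storage for JPEG start/end markers, ignoring the table."""
    found, pos = [], 0
    while (start := raw.find(b"\xff\xd8\xff", pos)) != -1:
        end = raw.find(b"\xff\xd9", start + 3)
        if end == -1:
            break
        found.append(bytes(raw[start:end + 2]))
        pos = end + 2
    return found

# Constructed sample: not a real image, just JPEG markers around a payload.
PHOTO = b"\xff\xd8\xff\xe0" + b"constructed-sample-photo-bytes" + b"\xff\xd9"

def demo():
    """Return [residue after ordinary delete, residue after overwrite]."""
    out = []
    for method in ("delete", "overwrite_delete"):
        disk = ToyDisk(8)
        disk.write("pic.jpg", PHOTO)
        getattr(disk, method)("pic.jpg")
        out.append(residual_jpegs(disk.raw))
    return out
```

On real flash storage the controller may remap writes to different cells, so an in-place overwrite is a weaker guarantee there than in this toy model.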

Avast is not the only company trying to sell mobile security software. Major U.S. security brands like McAfee and Symantec have apps on the market — although they cost money. The security packages range in price, with most costing about $29.99 for the year, while Avast’s software is free and pretty extensive at that.

Beyond locking and remotely wiping your phone as needed, the company offers a variety of other tools to keep your Android phone safe from malware. And with a price tag of free it should be an easy sell to consumers. But clearly it’s not, because, as indicated earlier, few people in the U.S. use security software on their phones.

PCs for businesses and homes often come preloaded with antivirus software, so consumers may not be trained to think about security software — or its importance. Also, security software generally tends to eat up battery life.

But considering that Avast’s experiment wasn’t exactly advanced hacking, it may be time to consider securing your phone.


40 comments
Steve Rodrigue

it's possible to encrypt all your stuff in Android. Go into Parameters - Security. 


Avast never tells this and you report their findings without giving all the information to your readers. Most OS don't encrypt data out of the box, neither storage solutions (hdd, usb drives, SD cards). 

Rehan Solo

I wish someone would actually post the execution of doing a data retrieval post a wipe or delete. The positive implications of data retrieval are just as important and I wish that was advertised. It's 2014 and all the tools available for this level of forensics costs thousands of dollars and is policed by the FBI or in the case only proprietary to an antivirus company. Even the theoretical concepts about how to access iOS registries to retrieve the data at pointers would help...geez c'mon

Spencer Kearton

What recovery software did they use? I tried to recover an S3 for a customer with Recuva and several other applications with no luck. She deleted some baby pics of her daughter on accident, and wanted them back.

Al Jungle

Used phones come with hentai? Score!

Horace Gregory

Overwriting won't solve this issue, a determined person will recover it, no matter how long it takes.

Jason Short

Sounds like they were buying Android junk... Factory reset on some of them doesn't even wipe the apps installed.

Erik Engstrom

I bought a global blackberry for trips to Europe a decade ago. It arrived unwiped. Was the current head of a Canadian province's legal affairs. It was a phone that should not have gone out for resale.

Timothy Green

I wonder how much of this was just information retrieved from SD credit cards remaining in the phone?   Manufacturer totally reset doesn't remove the SD card.  That's by design.

Graham Hueber

another reason why you should just throw your old phone in a drawer and not sell it

JoAnn Brereton

I wonder how much of this was just data recovered from SD cards left in the phone?    Factory reset doesn't erase the SD card.  That's by design.

Alan Stadnyk

I'll shoot myself in the head before I take a sales pitch from Avast bloatware experts.

Jonathan Harrop

I assume these are Android phones, since it doesn't mention them being iPhones? 


That sort of thing should probably be noted in the article.

Steve Snyder

Sweet! I was wondering how to recover those nudie pictures my wife deleted! Where do I send my phone?!

Park Clayton

just gonna start use my phones til they break and just recycle em

Moksh Makhija

Use DoD 5220.22-M to wipe your phone memory and even forensics won't be able to retrieve your data

Gerald Bazillion

Or I could just use some software to write and rewrite over the sectors on the phone to the point where it's unrecoverable.

Jennifer Usher

Cathy Summers hmmmm...idea sounds familiar.... :)

Sorin N. Puşcău

best way to make data unrecoverable is to burn the phone to a crisp, then smash it to a pulp:)

Valerio Capello

How can exactly an antivirus prevent your deleted data from being recovered? FUD at its best.

Bobby Fikree

Or buy a Blackberry. Enter the password incorrectly a few times, watch it wipe your device for you.

Luke Mercuri

Kye according to that WAHCKon talk it isn't possible on iphone 5/c/s

Volker Riebartsch

Old ones yes. Not on a new once restored via iTunes or settings

Kye Alan Russell

The same thing is applicable (albeit a bit harder) to iPhones. So what?

Jesmond Darmanin

just need to delete all your files, and load on the phone some large files and duplicate them until the storage is full - the new files will overwrite older stuff

Ramón Méndez

I guess I'll start throwing phones away instead.

Bobby, VP Robotics

Wait. Isn't Avast the company that loaded ABSOLUTELY NOT UNINSTALLABLE MALWARE on all their free version users computers? Or was that AVG??? Somebody needs to do some branding work

Steve Rodrigue

But, even if the iPhone is encrypted, you must protect your device with a pin code. If you lost your device and it's not protected by a pin, anyone can see and retrieve stuff from it. 

Kevin Payravi

@Bobby Fikree Uh, I don't think you read the article. That's not how memory wiping works. From the article:


"That’s because when you delete a file, it’s not really deleted. Rather the operating system deletes pointers that correspond to the file and marks the space that the file occupies as available so that it can eventually be overwritten. But until it’s overwritten, the file can still be restored. This is true for your cellphone and PC."

felix boström

@Bobby Fikree Not really, these phones were as much "wiped" as a blackberry would be after writing your password incorrectly a few times.

Like when you wipe a hard-drive you can still recover most of the data and it will not be completely wiped before you either destroy the Hard-drive physically or rewrite the storage with new data.

Pat Makarewicz

iPhones "delete" files the same way Android phones do. Same with Windows. 

Dylan Tweney moderator VB Staff

@Bobby, VP Robotics I think that's AVG ... Avast publishes an uninstall utility that (based on a cursory Google search) seems to work.