Researchers at Cambridge University, Laurent Simon and Ross Anderson, revealed that more than half a billion Android devices could have data recovered due to flaws in the default wiping process.
The experts have analyzed Android 21 devices from 5 different vendors, including Samsung, HTC, and Nexus running Android versions 2.3 to 4.3, discovering that more than 500 Million Android devices fail to completely wipe data after the factory reset. The researchers demonstrated that it is possible to retrieve encryption keys and master tokens for Google and Facebook in 80 percent of cases.
User data, including SMS, photos, and videos, can be recovered because the factory reset process in Android 4.3 Jellybean and below versions is affected by flaws. The researchers explained that the factory reset doesn’t completely wipe data, in fact, they are able to retrieve encryption keys and master tokens for Google and Facebook in 80 percent of cases.
User data, including SMS, photos, and videos, can be recovered because the factory reset process in Android 4.3 Jellybean and below versions is affected by flaws. The researchers published a paper titled Security Analysis of Android Factory Resets (PDF) that includes the detailed results of the study.
“After the reboot, the phone successfully re-synchronised contacts, emails, and so on,” researchers reported. “We recovered Google tokens in all devices with flawed Factory Reset, and the master token 80% of the time. Tokens for other apps such as Facebook can be recovered similarly. We stress that we have never attempted to use those tokens to access anyone’s account.” states the paper.
After running factory reset on every Android device, the researchers were able to retain at least some piece of data previously stored in the Smartphone, Google account credentials, including text messages, conversations on apps such as WhatsApp and Facebook.
Below the five critical Reset failures discovered during the study:
“We estimate that up to 500 million devices may not properly sanitise their data partition where credentials and other sensitive data are stored, and up to 630 million may not properly sanitise the internal SD card where multimedia files are generally saved.We found we could recover Google credentials on all devices presenting a flawed factory reset. Full-disk encryption has the potential to mitigate the problem, but we found that a flawed factory reset leaves behind enough data for the encryption key to be recovered.” explained the duo.
The experts already have reported the flaw to Google, they also highlighted that remote wiping feature for lost and stolen Android devices is affected by the same flaws.
Everyone that has sold used Android devices could be exposed to the risk of disclosure of their data, the problem is serious if we consider devices that are put aside by private firms.
Cyber spies and thieves can buy or steal the mobile devices and obtain user sensitive data, including bank account information.
An attacker can also obtain the list of installed apps and use it to profile the previous Android owner, for example discovering if he is a corporate executive or simply a school kid.
but researchers explained that this solution is not 100 percent reliable.
Lets me suggest enabling full disk encryption and used strong passwords to make hard brute forcing of master keys.
(Security Affairs – Factory reset, Android)