
List:       isn
Subject:    [ISN] Flawed Android factory reset leaves crypto and login keys ripe for picking
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2015-05-22 12:07:54
Message-ID: alpine.DEB.2.02.1505221207410.17920 () infosecnews ! org

http://arstechnica.com/security/2015/05/flawed-android-factory-reset-leaves-crypto-and-login-keys-ripe-for-picking/

By Dan Goodin
Ars Technica
May 21, 2015

An estimated 500 million Android phones don't completely wipe data when 
their factory reset option is run, a weakness that may allow the recovery 
of login credentials, text messages, e-mails, and contacts, computer 
scientists said Thursday.

In the first comprehensive study of the effectiveness of the Android 
feature, Cambridge University researchers found that they were able to 
recover data on a wide range of devices that had run factory reset. The 
function, which is built into Google's Android mobile operating system, is 
considered a crucial means for wiping confidential data off of devices 
before they're sold, recycled, or otherwise retired. The study found that 
data could be recovered even when users turned on full-disk encryption.

Based on the devices studied, the researchers estimated that 500 million 
devices may not fully wipe disk partitions where sensitive data is stored 
and 630 million phones may not wipe internal SD cards where pictures and 
video are often kept. The findings, published in a research paper titled 
Security Analysis of Android Factory Resets, are sure to be a wake-up call 
for individual users and large enterprises alike.

[...]


