Researchers at Cambridge University Lauren Simon and Ross Anderson discovered a vulnerability mechanism for the deletion of data when you reset to factory settings on smartphones on the Android platform. Users can recover a significant portion of personal data. Is under threat around 500 million smartphones and tablets.
According to experts, the vulnerability allows you to recover contacts and messages from predefined and third-party applications. 80% of the tested smartphones researchers after the factory reset was able to restore the information needed to access the accounts of the former owners of Google and Facebook.
It is also stated that about 630 million smartphones in the process of factory reset does not erase data of memory cards and other sections where you store photos and videos. As a result those who wish to sell the phone with him to give to the new owner and their private data.
Data recovery is possible even when activated, the disk encryption. A factory reset does not erase the decryption key that allows access to the data. The analysis was conducted on 21 models of smartphones made by Samsung, HTC and Nexus Android 2.2 Froyo to Android 4.3 Jellybean. It is anticipated that more modern versions have the same problem.
One source of vulnerability is the lack of drivers for full chip erase NAND. Until the only thing left to do users to destroy their data to fill the memory after the reset, random files to overwrite.
The news came as an unpleasant surprise for users who sell their old smartphones in the secondary market, changing them with new ones, and for large companies periodically update their technical arsenals. The probability that the new owners of devices if you want to gain access to very important information, great.
