RESETTING YOUR PHONE, or making sure it’s encrypted may not be enough to prevent your personal data from being retrieved if it’s lost or stolen, according to new research.
The findings, from the forensics team from Deloitte, found that even when a phone or tablet has been reset, both personal and corporate data could be retrieved from it. Such information could include mobile payment details, emails addresses, contact lists and PPS numbers.
The researchers tested out two scenarios. The first was a simulation of lost or stolen devices and the second was a set of second-hand phones that had been wiped. Mobile devices from Apple, Blackberry, Android, Windows Phone and a number of tablets were tested.
For the first scenario, 50 per cent of the mobile devices were encrypted and 90 per cent were password locked, while for the second scenario, 40 per cent of mobile devices were encrypted.
Under the first scenario, where the phones were stolen, the researchers successfully recovered the owners’ email addresses in 90 per cent of cases. In 75 per cent of cases, it was possible to identify the owner and recover their contacts, while passwords were recovered in 40 per cent of cases.
For 25 per cent of cases, PPS numbers could be identified as they were stored in contacts or SMS messages.
In the second scenario, which involved factory wiped phones, it found that it was possible to access text and chat logs in 85 per cent of cases, while the original owner was identifiable in 70 per cent of cases.
In 60 per cent of cases, it was possible to retrieve contacts and identify the owners’ email addresses. Researchers were able to recover passwords in 30 per cent of cases while PPS numbers were recovered in 15 per cent of cases.
According to Deloitte, the research was to determine what data was retrievable from both first and second-hand phones.
The organisation recommended a number of practices to help protect personal and corporate data in the case of theft or moving to a new device such as encrypting your device, evaluating apps carefully before downloading them, giving it a passcode, and recording the IMEI number on the device which can be used by your service provider to deactivate your phone.