A Startling Scenario
You come home from a late night dinner to discover that your home has been burglarized. Fortunately, the police have arrested the suspects after observing them driving erratically with your wide-screen television in their back seat. A lucky break. While interrogating the criminals, police learn that the bad guys entered your home through your garage by entering your garage door opener code on the keypad. How did they learn your code? From your old discarded mobile phone that they bought on eBay. The code, along with lots of other sensitive information, was stored in the device’s “notes” application. When you traded your old phone for a new one last year, you assumed the retailer would wipe your phone before recycling it. Nope.
Sound Impossible? Not at all. This scenario and many others were revealed during a recent investigative reporting piece by CBS Chicago’s award winning reporter, Dorothy Tucker. Tucker and her producers purchased 150 recycled mobile phones on the internet and then worked with the 4Discovery team to see what we could recover from the discarded devices. The results were dramatic. Although many of the phones were damaged or broken (ie., most would not power-up), we were still able to recovery lots of sensitive data from the devices.
The Results
4Discovery computer forensic expert Jared Sikorski examined the devices and reported his findings to Tucker. In one example of recovered data, Sikorski found a text message a woman had sent to her boyfriend claiming she was pregnant with his child. She even attached an ultrasound image. When Sikorski examined the image, however, he discovered it had been downloaded from the internet. Sikorski even found evidence the woman had been Google searching for “3 month old ultrasound photos” in the internet history on the phone. What else did Sikorski find on the devices he analyzed?
- Bank log-in passwords
- Social Security numbers
- Credit card numbers (including photos of the fronts and backs of cards)
- Intimate photos and videos
- Text messages discussing illegal drug use by the phone’s owners
- Owner’s home addresses and garage door codes
- Confidential e-mails
- One of the phones was apparently owned by a prostitute. You can use your imagination to consider the data recovered from this phone.
The Take-Aways
Watch CBS Chicago Channel 2 News at 5:00pm this Monday May 15th to see the interview with Jared Sikorski. In the meantime, here are some of Jared’s tips for keeping your mobile data safe.
- Encrypt. Most mobile phones provide a feature within “settings” that will allow you to encrypt your data. Do this. Newer devices, particularly iPhones, will do this automatically. Doing this will also help protect your phone if you lose it.
- Passwords. Use the highest level of password protection on your device as possible. Don’t re-use the same passwords for multiple accounts. For example, don’t use the same password for your Facebook account and your mobile banking app.
- Don’t Recycle. When you get a new phone, destroy your old one…or at least do a “factory reset” to make it much more difficult to recover your legacy phone data.
Note: All of the mobile phones used during this project were destroyed after the completion of the analysis, and none of the owner’s data or identities were shared or made public.