Spring is in the air; it is the traditional time to clean house, tidy away things you don’t use, and for us geeks, time to dispose of all the old, tech gadgets that we’ve accumulated over the last year.
My house is no exception to this, though my wife and I have very different opinions. I still have my first mobile phone – a trusty Nokia 101 from the early 90’s – It still works, well it would if I had a battery for it – but I could put a SIM in it and use it, probably.
That’s my justification for keeping it anyway, along with a crate of old hard disks (ATA, full height 5 ¼ included), motherboards, processors, RAM etc. – all the things you might just need if the computer museum ever calls, and of course the stack of iPad’s, iPhones and other laptops.
My wife however is the complete opposite; somehow she manages to sell every iOS device she buys a week after the new version is released for 80 percent of the purchase price. I’ve given up being amazed. She manages to keep up with the latest Apple device for a couple of hundred dollars a year.
Me however, well I’ll take my iPhone (first generation) to my grave if I can. You never know when it might be needed.
This constant circulation of iPhones into the second-hand market does bother me though – all the usual things exist on our phones, personal pictures, contacts, work email, cached passwords to websites, Facebook, LinkedIn, Tripit etc. – even banking applications. Things that absolutely you don’t want getting into some strangers hand.
McAfee recently conducted a study with DePaul University on the potential risks associated with selling and buying second-hand office equipment. You can check out the key findings of the report here.
While phones are the most popular tech gadgets that users resell – people also resell and buy tablets and laptops via eBay, Craigslist etc. – in fact I picked up a home server not so long ago, used, but in perfect condition with 3TB storage.
Think about how much personal data could be floating around if these devices are not properly sanitized – I wonder what would have happened if I’d run an “unformat” command on that server for example…
Even gaming systems are worrying – I gave my PSP away a while ago. I didn’t think too much more about it, until the person who acquired my PSP realized that my Sony Network password was cached on the device, and through that, they were able to buy games using my credit card.
How many teenagers think to wipe a handheld electronic gaming system to its original factory settings before trading it? Not many I expect.
So all of our gadgets not only are valuable technology items, but they has also have a huge data protection problem, and this means we need to think before we spring clean our personal tech.
One: Selling your old IT to someone
Tip – Every electronic device you intend to hand over to an untrusted, unknown person, needs to be completely and irrecoverably erased before you give it to them
My wife funds her Apple habit by selling her old devices, and looking at eBay/Craigslist, there are a lot of companies and individuals doing exactly the same. You have to be aware though that you may be unlucky and sell that device to someone who has nothing better to do than see how much of your personal data they can recover from it.
So, be safe and clean up before you let it out of your sight – I added some links and instructions to this blog how to erase some common device types. One thing I want to point out in particular though is deleting files and formatting hard disks and USB sticks is NOT ENOUGH.
There are a hundred easy ways to recover deleted files and formatted media – trust me. When we look at used PCs here in McAfee we routinely find files simply in the recycle bins – but, even if you format your hard disk – there are easy to use tools to recover the files from it.
To make sure no one gets your data, you need to think about “erasing data” and not deleting it – the tools I mention below will make the data impossible to recover, even for a specialist company.
Two: Buying used IT from someone
Tip – If you buy used equipment, erase it yourself before you start using it so you know it’s clean and not contaminated
If I worked for a startup or SMB, I’d buy all my IT on eBay – today I see two year old NAS storage devices for $999 – they would have cost $20,000 new. There’s everything a geek could want available for cents on the dollar – you could put together a data center in your home for a few thousand dollars, or replace that clunky Netgear switch with a shiny 1 GB HP ProCurve for $30. But, with the amount of malware in existence, would you really be prepared to trust that used server, that second–hand PC the previous owner who “erased and reinstalled windows for you”?
What about the situation that you buy a used smartphone/PC, and then some weeks later the previous owner asks you if they can have it back because they left something important on it, or worse, accuses you of posting their confidential information online? To be safe – take action yourself first.
Three: Handing your device over to someone you don’t know
Tip – If you’re leaving your phone or computer for repair and it will be out of your sight, if at all possible back up and erase all personal data beforehand
In the case of temporarily giving up your devices to people who you would expect to be trustworthy – say you need some repairs done, or new hardware installed on your pc, there are examples of people who’ve sent their computer or smartphone for repair, and their devices return infected with spyware, malware, see recent news stories of phone repair engineers who downloaded pictures of customers phones, and in one case, sent them back with inappropriate messages.
- Mobile phone salesman Lee Hawkes copied nude photos of women
- Smartphone repair employee fired after soliciting photos from customer’s phone
Four: Throwing old IT away
Tip – If you’re throwing phones, hard disks, USB sticks, DVDs etc. away – erase or destroy them first
Not all of us want to go through the hassle of selling our gadgets to a stranger – but that does not mean you should just throw your old electronics away. There are too many examples of data recovery by “dumpster divers” – even large companies suffer from this problem.
Five: Recycle your old IT
Tip – If you’re sending your device off to a recycler, remember to erase it first
Finally, even if you’re not willing to take the risk of selling your IT, and not willing to just throw it in the trash – think about donating it, or recycling– companies such as NextWorth will even buy it from you.
But the risk here is the same as sending your IT off to a stranger. There’s no guarantee the recycler is going to erase it before selling or donating it. Take action and protect yourself first.
Device specific Tips
I’ve compiled a list of the common platforms and how to reset them – it’s always worth checking your specific device details on the manufacturers help site before relying on any of these.
- Apple iOS Devices – Amongst the easiest and most foolproof – iOS has a built in secure erase. Apple has information in their support site http://support.apple.com/kb/ht2110
- Apple Mac Laptops – Depends on the OS, but there is usually a robust erase process, for example again from Apples support site http://support.apple.com/kb/ph4439 for Lion, http://support.apple.com/kb/HT3910?viewlocale=en_US for Snow Leopard, http://support.apple.com/kb/PH14243 for Mavericks etc.
- Android Devices – Not as uniform as iOS, but most versions of Android has an erase function either in “Backup and Reset (factory reset)”, “Storage”, or “Settings/Privacy” – check your device manufacturer website for information
- Blackberry – See the Blackberry.com site for your specific mode – for example http://docs.blackberry.com/en/smartphone_users/deliverables/18596/Delete_all_device_data_6.0_1186102_11.jsp
- Windows Phone – Microsoft maintain instructions on their site for specific versions and models – for example http://www.windowsphone.com/en-us/how-to/wp8/basics/reset-my-phone
- Windows PCs – Often the hardest systems to completely wipe – Microsoft offers some advice regarding erasing your hard disk on their site – http://www.microsoft.com/security/online-privacy/safely-dispose-computers-and-devices.aspx. Personally I am a great fan of DBAN http://www.dban.org/
- XBOX360 – Format the hard disk following Microsoft’s instructions – http://support.xbox.com/en-us/xbox-360/accessories/storage
- PlayStation 3 – Erase personal data and format the drive following Sony’s instructions – https://support.us.playstation.com/app/answers/detail/a_id/1212/~/remove-personal-info-from-a-ps3
- Kindle 2 – Home / Menu / Settings / “reset to factory”
- Kindle Fire – Small “Cog” icon, More, Device, “Reset to Factory Defaults”
- Nook – Settings / Device / Unregister your Nook, then “Reset to Factory Settings”
- USB Sticks, SD Cards etc. – Gizmodo has a great how-to article on erasing all kinds of media
Please feel free to tweet me, Simon Hunt, @CTOGoneWild