Don't keep secrets on cell phone

[blush]

WASHINGTON - Don't tell your cell phone any secrets. It might not keep them. Second-hand phones purchased over the Internet surrendered credit card numbers and bank account passwords, business secrets and even evidence of adultery.

One married man's girlfriend sent a text message to his cell phone: His wife was getting suspicious. Perhaps they should cool it for a few days.

"So," she wrote, "I'll talk to u next week."

"You want a break from me? Then fine," he wrote back.

Later, the married man bought a new phone. He sold his old one on eBay, at Internet auction, for $290.

The guys who bought it now know his secret.

The married man had followed the directions in his phone's manual to erase all his information, including lurid exchanges with his lover. But it wasn't enough.

A company, Trust Digital of McLean, Va., bought 10 different phones on eBay this summer to test phone-security tools it sells for businesses. The phones all were fairly sophisticated models capable of working with corporate e-mail systems.

Curious software experts at Trust Digital resurrected information on nearly all the used phones, including the racy exchanges between guarded lovers.

The other phones contained:

_One company's plans to win a multimillion-dollar federal transportation contract.

_E-mails about another firm's $50,000 payment for a software license.

_Bank accounts and passwords.

_Details of prescriptions and receipts for one worker's utility payments.

The recovered information was equal to 27,000 pages ? a stack of printouts 8 feet high.

"We found just a mountain of personal and corporate data," said Nick Magliato, Trust Digital's chief executive.

Many of the phones were owned personally by the sellers but crammed with sensitive corporate information, underscoring the blurring of work and home. "They don't come with a warning label that says, 'Be careful.' The data on these phones is very important," Magliato said.

One phone surrendered the secrets of a chief executive at a small technology company in Silicon Valley. It included details of a pending deal with Adobe Systems Inc., and e-mail proposals from a potential Japanese partner:

"If we want to be exclusive distributor in Japan, what kind of business terms you want?" asked the executive in Japan.

Trust Digital surmised that the U.S. chief executive gave his old phone to a former roommate, who used it briefly then sold it for $400 on eBay. Researchers found e-mails covering different periods for both men, who used the same address until recently.

Experts said giving away an old phone is commonplace. Consumers upgrade their cell phones on average about every 18 months.

"Most people toss their phones after they're done; a lot of them give their old phones to family members or friends," said Miro Kazakoff, a researcher at Compete Inc. of Boston who follows mobile phone sales and trends. He said selling a used phone ? which sometimes can fetch hundreds of dollars ? is increasingly popular.

The 10 phones Trust Digital studied represented popular models from leading manufacturers. All the phones stored information on "flash" memory chips, the same technology found in digital cameras and some music players.

Flash memory is inexpensive and durable. But it is slow to erase information in ways that make it impossible to recover. So manufacturers compensate with methods that erase data less completely but don't make a phone seem sluggish.

More here.

[Quillz]

I figured this would be common knowledge, but it's still a useful read.

[markwolfe Veteran]

I figured this would be common knowledge, but it's still a useful read.

Read the whole linked article. Just about the point that the quote stopped:

Flash memory is inexpensive and durable. But it is slow to erase information in ways that make it impossible to recover. So manufacturers compensate with methods that erase data less completely but don't make a phone seem sluggish.

Phone manufacturers usually provide instructions for safely deleting a customer's information, but it's not always convenient or easy to find. Research in Motion Ltd. has built into newer Blackberry phones an easy-to-use wipe program.

Palm Inc., which makes the popular Treo phones, puts directions deep within its Web site for what it calls a "zero out reset." It involves holding down three buttons simultaneously while pressing a fourth tiny button on the back of the phone.

But it's so awkward to do that even Palm says it may take two people. A Palm executive, Joe Fabris, said the company made the process deliberately clumsy because it doesn't want customers accidentally erasing their information.

Trust Digital resurrected erased e-mails and other information from a used Treo phone provided by The Associated Press for a demonstration after it was reset and appeared empty. Once the phone was reset using Palm's awkward "zero-out" technique, no information could be recovered. The AP already used that technique to protect data on its reporters' phones.

A user can "erase" the memory contents, but all it seems to do is to remove the link to the data. The data is still there and can be recovered (which is what it is apparent that the folks at Trust Digital did).

So, users that use the erase features on the phone are leaving the data there, but just invisible for the most part.