Researchers have discovered a new flaw in Android phone factory reset that allows data to be recovered from the Android smartphones, putting an estimated 500 million handsets at risk.
Cambridge University researchers have released a new report titled, 'Security Analysis of Android Factory Resets' that reveals that flawed factory reset on Android devices running older software doesn’t wipe all data. The flaw allowed researchers to recover a sensitive information from flashed devices including Facebook and Google login passwords, messages, contacts information, emails and more. The report revealed that the data could be accessed even if the user had been particularly diligent and turned on full disk encryption. The researchers tested the factory reset of 21 Android smartphones from five different manufacturers running Android 2.3.x to 4.3. All the Android handsets retained fragments of old data, including contacts as well as information from third-party apps like Facebook and What'sApp, images, etc. Researchers were also able to extract the master token on 80 percent of the handset, gaining access to extremely sensitive data including users Google log in credentials allowing access to Gmail and Google Calendar.
Researchers estimate that this could affect 500 million, which may not completely wipe disk partitions where sensitive data is stored. The report reveals that there is secure way to ensure users data is not recovered. Hackers could easily buy Android phones on sites such as eBay, and restore the wiped data in hopes of finding bank account information as well as other fraud related data. This could be really harmful if devices belonging to corporations who have sensitive corporation information accidently fall into the hands of hackers. Google has thanked the researchers and stated: “We believe the most reliable method of protecting user data is the full disk encryption that is available on over 94% of Android devices. Encryption ensures that data is protected within Android itself, rather than relying on diverse hardware implementations that may not securely wipe if there is an error. Recovery of data from a device that has been encrypted and insecurely wiped is significantly more difficult than on a device that is not encrypted. This is one of the reasons we have enabled encryption by default on the Nexus 6 and 9, and one of the reasons we have very strongly recommended it for other manufacturers as well.”
Source: Cambridge University