{"id":28656,"date":"2021-01-29T14:23:08","date_gmt":"2021-01-29T12:23:08","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/data-on-used-devices\/28656\/"},"modified":"2021-01-29T14:23:08","modified_gmt":"2021-01-29T12:23:08","slug":"data-on-used-devices","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/data-on-used-devices\/28656\/","title":{"rendered":"Uncovering private data in secondhand sales"},"content":{"rendered":"

Kaspersky\u2019s Global Research and Analysis Team (GReAT) has examined<\/a> security in secondhand devices. The devices, which DACH research heads Marco Preuss and Christian Funk scrutinized for two months in late 2020, included used laptop computers and a variety of storage media such as hard drives and memory cards.<\/p>\n

Their goal was not to determine differences according to device type but rather to examine the data on them \u2014 to learn how electronic data relates to person-to-person or other secondary market sales. As a seller, what traces might you be leaving behind? As a buyer, how can you make your device behave as if it were brand-new \u2014 and until you do, is using your new-to-you device even safe?<\/p>\n

Findings<\/h2>\n

An overwhelming majority of the devices the researchers examined contained at least some traces of data \u2014 mostly personal but some corporate \u2014 and more than 16% of the devices gave the researchers access outright. Another 74% gave up the goods when the researchers applied file-carving methods. A bare 11% had been wiped properly.<\/p>\n

The data Preuss and Funk found included items that could potentially be harmless or terribly revealing and even dangerous: calendar entries, meeting notes, company resource access data, internal documents, personal photos, medical information, tax documents, and more. Furthermore, as Funk pointed out, personal data doesn\u2019t tend to lose value over time; you can\u2019t simply wait out the risk and feel safer after some time passes (not that feeling safe actually lessens risk in any way).<\/p>\n

In addition to directly usable information such as contact lists, tax documents, and medical records (or access to them through saved passwords), electronic devices contain information that can cause secondhand damage; consider how cybercriminals exploit the information they glean from social network profiles and posts. The contents of a digital device are vastly more informative.<\/p>\n

Did we mention the malware?<\/h2>\n

It\u2019s safe to say no one else shares your precise tolerance for digital device security. Some may lock things up even tighter than you do, but if you\u2019re buying secondhand, it\u2019s not unlikely you\u2019ll receive not just someone else\u2019s data but also bonus malware. Of the devices Preuss and Funk examined, 17% triggered our virus scanner alarms.<\/p>\n

Prequel: A broader study<\/h2>\n

The research we\u2019re reporting on here actually began with a study<\/a> that Kaspersky commissioned from Arlington Research. It queried several thousand adult consumers in the United Kingdom, Germany, and Austria. The initial study functioned as a confirmation of sorts, finding that secondhand digital sales are indeed robust and indeed a reliable source of data leaks; fewer than half of the many hundreds of buyers did not find any photos, \u201cexplicit material,\u201d contact details, sensitive documents such as passports, or login details on the devices they\u2019d purchased.<\/p>\n

Seller, beware<\/h3>\n

Although approximately 10% of the survey\u2019s respondents had been given devices on which they found the seller\u2019s info, not many of them would ignore, immediately delete, or report found data to the original owner or any authorities. Beyond just taking a peek (which 74% of respondents said they\u2019d find a way to do), more than 1 in 10 admitted they would sell the data they found if they thought they could profit from it.<\/p>\n

Advice and tips<\/h2>\n

The United Kingdom\u2019s National Cyber Security Centre provides some practical advice<\/a> for buyers and sellers of secondhand electronic devices, from backing up personal data to making sure the device is as clean as a new one would be.<\/p>\n

For sellers<\/h3>\n

As a seller, your top priority is getting your information off the device you\u2019re selling so that you can keep it both secure and private. Yes, it\u2019s also important to make sure the device is safe, which we hope you\u2019ve done all along, but the point here is to keep your stuff to yourself.<\/p>\n