RICHMOND (WRIC)—If you're looking to sell your current computer, cell phone or tablet before buying a newer model and think you've cleared out all of your most personal information, think again. You may be giving it away without even knowing.
On Nov. 5, Virginia Military Institute announced it was trying to track down more than a dozen computers it had sold at surplus auctions, because school officials realized the computers weren't completely wiped clean of private data. This is a more common occurrence than you might think; even when you're confident you've hit “Delete,” some devices are still loaded with your personal information.
These days, we can do just about anything with the tap of a fingertip or the click of a mouse.
“I do online shopping on computer,” said Richmond resident Misha Antac. “I am on the web all the time. I am using for banking, Facebook, of course—24/7 it's on.”
Cell phones, especially smartphones, are essentially small computers.
“Last night I was having dinner with a friend and we were talking about getting tickets to a concert,” said Esther Galan, who also lives in Richmond. “So I … pulled out the phone and quickly booked some tickets.”
It could be devastating if all your personal information fell into the wrong hands, which can happen easily. With new technology out almost daily, many of us are looking to upgrade. When we do, sometimes we give away or sell our old devices.
Used laptops, cell phones and tablets are for sale on sites like eBay and craigslist. But beware, if you decide to sell your old device online, you could be spilling your secrets, even when you think you've cleared out all your personal data.
Both Antac and Galan thought they had removed private data from their phones.
“I did everything I could to clear off what I could myself before I sent it,” Galan said.
“Maybe sometimes I left some messages in or a few pictures, but nothing too important,” Antac said.
McAfee online security expert Robert Siciliano did a little experiment; he purchased 30 different devices from craigslist, including laptops, notebooks, iPads and smartphones.
“I asked every single person if they re-installed the operating system or reformatted the drive, and they all said yes,” Siciliano said. “On more than half of the devices, I found enough information to steal identities or, in some cases, even get people into trouble.”
Siciliano found usernames, passwords, bank account numbers, Social Security numbers, credit card information, photos—even pornographic material.
“If I was an identity thief, with all these devices I could have either opened up new financial accounts under people's names using the Social Security numbers,” Siciliano said. “Or, in some cases, I could take over existing accounts using their credit card numbers or bank account numbers.”
Doug Szajda, an associate professor of computer science at the University of Richmond, says clicking “Delete,” isn't enough—that doing so only clears the reference to the data.
“When you appear to delete a file on a laptop, it may not actually be deleted,” Szajda said.
“I would recommend when it comes to a laptop or a PC that you go online, say, to “How-To Geek” … there's a site,” Szajda said. “Or, you can Google ‘How to prepare a PC for resale.'”
Online sites like HowToGeek.com can walk even the most technologically-challenged individual through the process, step by step.
“It's very easy to follow, as long as you keep in mind that you're not looking just to delete the files—you're looking to scrub the disk,” Szajda said. “You're looking to scrub the disk.”
Szajda also offers tips on clearing personal information off of smartphones.
“You go to ‘Settings,' ‘General' and, you look down, there's a ‘Reset Machine to Factory Conditions,'” Szajda said. “You just press one button; it'll actually ask you, ‘Do you want me to wipe this machine and reset it?'”
Based on Siliciano's experiment, Blackberries and iPhones did a good job of purging deleted data.
Android devices are more difficult to clear. Even when users followed the instructions perfectly and performed the factory reset process, Siciliano still found a tremendous amount of personal data remaining. He believes the $50 you might get from selling an old Android device isn't worth the risk of potentially giving away your identity. Instead of selling, Siciliano says to smash the device.
“I would actually put some safety glasses on, get a sledgehammer and beat that thing to death,” Siciliano said.
Buyers beware—some of the devices Siciliano purchased were infected with viruses. If he had used them, his personal information could have been compromised. Again, in this case, the money you might save buying a cheap used phone is likely not worth the risk.
Copyright 2013 by Young Broadcasting of Richmond