July 2012 - secureCI Ouch! Monthly Bulletin

by in , , , 0

secureCI presents Ouch!

The SANS Monthly Information Security Bulletin at Channel Islands

  • Stored Information
  • Wiping your Device
  • SIM Cards / SD Cards
  • Options for Disposal

Safely Disposing of Your Mobile Device

OVERVIEW
Mobile devices, such as smart-phones and tablets, continue to advance and innovate at an astonishing rate. As a result, many of us replace our mobile devices as often as every 18 months. A key question becomes, What are you doing with your older devices? Many people simply dispose of their older mobile devices with little thought about all the personal data they have accumulated. However, a surprising amount of personal information is stored on these older devices. If your devices are not securely wiped before disposal, this information can easily be recovered, exposing you or your organization to tremendous risk.

STORED INFORMATION
Mobile devices store far more sensitive data then you may realize, perhaps more than your computer. When you dispose of your device you could be exposing the following information:
  • The contact details for everyone in your address book, including family, friends, and co-workers
  • Call history, including inbound, outbound, and missed calls
  • Text messages or logged chat sessions
  • Location history based on GPS coordinates or cell tower history
  • Web browsing history, cookies, and cached pages
  • Personal photos, videos, audio recordings, and emails
  • Stored passwords and access to personal accounts, such as your voicemail
WIPING YOUR DEVICE
Before you begin securely wiping your mobile device, consider whether or not you want to back up any of your data, such as photos, videos, or any other information. Once you’ve followed the steps below, you will not be able to recover any of your data. In addition, if your mobile device was issued to you by your employer or has any organizational data stored on it, be sure to check with your supervisor about proper backup and disposal procedures before following the steps below. Unfortunately, just deleting your data is not enough, it can still be recovered. We recommend that you use the device “factory reset” function to remove all data from the device and return it to the condition it was in when you bought it.
We have found that factory reset will provide the most secure method for removing data from your mobile device. The location of the factory reset function varies among devices; listed below are the steps for the most popular devices.

• Apple iOS Devices : Settings > General > Reset > Erase All Content and Settings
• Android Devices     : Settings > Privacy > Factory Data Reset
• Windows Phones    : Settings > About > Reset Your Phone
• BlackBerry Phones : Options > Security Options > Security Wipe

If you still have questions about how to perform a factory reset, check your owner’s manual or the manufacturer’s website. Another option is to take your mobile device to the store you bought it from and get help resetting it from a trained technician. Remember, simply deleting your personal data is not enough as it can be easily recovered.

SIM CARDS
In addition to the data stored on your device, you also need to consider what to do with your SIM (Subscriber Identity Module) card. Many mobile devices use a SIM card to uniquely identify you and your account information when you place and receive calls on a mobile network. When you perform a factory reset on your device, the SIM card retains information about your account. If you are keeping your phone number and moving to a new phone, talk to the phone salesperson about transferring your SIM card to the
new phone. If this is not possible (for example, if your new phone uses a different size SIM card) keep your old SIM card and physically shred or destroy it to prevent someone else from re-using it.

EXTERNAL STORAGE CARDS
Some mobile devices utilize an external SD (Secure Digital) card for additional storage. These storage cards often contain pictures, smart phone applications, and other sensitive content. Remember to remove any external storage cards from your mobile device prior to disposal (for some devices, your SD cards may be hidden in the battery compartment of your device). These cards can often be reused in new mobile devices or can be used as generic storage on your computer with a USB adapter. If reusing your SD card is not possible, then just like your old SIM card, we recommend you physically destroy it.

OPTIONS FOR DISPOSAL
When it comes to disposing of your old mobile device, instead of throwing it out, consider recycling it instead. Most carriers offer a discount on your next purchase when you recycle. Another option is to donate your mobile device to the charitable cause of your choice. Below are just some of the many places you can either recycle or donate your mobile device.


Verizon Recycling

Sprint Recycling

AT&T Recycling

Recycling Mobile Phones

EPA Mobile Phone Donations Site

National Coalition Against Domestic Violence
http://preview.tinyurl.com/l48kw4 

Operation Gratitude


RESOURCES
Some of the links shown below have been shortened for greater readability using the TinyURL service. To mitigate security issues, OUCH! always uses TinyURL’s preview feature, which shows you the ultimate destination of the link and asks your permission before proceeding to it. 

Common Security Terms:
http://preview.tinyurl.com/6wkpae5 

SANS Security Tip of the Day:
http://preview.tinyurl.com/6s2wrkp 

LEARN MORE
Subscribe to the monthly OUCH! security awareness newsletter, access the OUCH! archives, and learn more about SANS security awareness solutions by visiting us at http://www.securingthehuman.org.  OUCH! is distributed under the Creative Commons BY-NC-ND 3.0 license.

Leave a Reply