July 2012 - secureCI Ouch! Monthly Bulletin
by Neal Fisch in data cleanup, data security, newsletter, security 0
secureCI presents Ouch!
The SANS Monthly Information Security Bulletin at Channel Islands
- Stored Information
- Wiping your Device
- SIM Cards / SD Cards
- Options for Disposal
Safely Disposing of Your Mobile Device
OVERVIEW
Mobile devices, such as smart-phones and tablets, continue to advance and innovate at an astonishing rate. As a result, many of us replace our mobile devices as often as every 18 months. A key question becomes, What are you doing with your older devices? Many people simply dispose of their older mobile devices with little thought about all the personal data they have accumulated. However, a surprising amount of personal information is stored on these older devices. If your devices are not securely wiped before disposal, this information can easily be recovered, exposing you or your organization to tremendous risk.
Mobile devices, such as smart-phones and tablets, continue to advance and innovate at an astonishing rate. As a result, many of us replace our mobile devices as often as every 18 months. A key question becomes, What are you doing with your older devices? Many people simply dispose of their older mobile devices with little thought about all the personal data they have accumulated. However, a surprising amount of personal information is stored on these older devices. If your devices are not securely wiped before disposal, this information can easily be recovered, exposing you or your organization to tremendous risk.
STORED INFORMATION
Mobile devices store far more sensitive data then you may realize, perhaps more than your computer. When you dispose of your device you could be exposing the following information:
Mobile devices store far more sensitive data then you may realize, perhaps more than your computer. When you dispose of your device you could be exposing the following information:
- The contact details for everyone in your address book, including family, friends, and co-workers
- Call history, including inbound, outbound, and missed calls
- Text messages or logged chat sessions
- Location history based on GPS coordinates or cell tower history
- Web browsing history, cookies, and cached pages
- Personal photos, videos, audio recordings, and emails
- Stored passwords and access to personal accounts, such as your voicemail
WIPING YOUR DEVICE
Before you begin securely wiping your mobile device, consider whether or not you want to back up any of your data, such as photos, videos, or any other information. Once you’ve followed the steps below, you will not be able to recover any of your data. In addition, if your mobile device was issued to you by your employer or has any organizational data stored on it, be sure to check with your supervisor about proper backup and disposal procedures before following the steps below. Unfortunately, just deleting your data is not enough, it can still be recovered. We recommend that you use the device “factory reset” function to remove all data from the device and return it to the condition it was in when you bought it.
We have found that factory reset will provide the most secure method for removing data from your mobile device. The location of the factory reset function varies among devices; listed below are the steps for the most popular devices.
Before you begin securely wiping your mobile device, consider whether or not you want to back up any of your data, such as photos, videos, or any other information. Once you’ve followed the steps below, you will not be able to recover any of your data. In addition, if your mobile device was issued to you by your employer or has any organizational data stored on it, be sure to check with your supervisor about proper backup and disposal procedures before following the steps below. Unfortunately, just deleting your data is not enough, it can still be recovered. We recommend that you use the device “factory reset” function to remove all data from the device and return it to the condition it was in when you bought it.
We have found that factory reset will provide the most secure method for removing data from your mobile device. The location of the factory reset function varies among devices; listed below are the steps for the most popular devices.
• Apple iOS Devices : Settings > General > Reset > Erase All Content and Settings
• Android Devices : Settings > Privacy > Factory Data Reset
• Windows Phones : Settings > About > Reset Your Phone
• BlackBerry Phones : Options > Security Options > Security Wipe
If you still have questions about how to perform a factory reset, check your owner’s manual or the manufacturer’s website. Another option is to take your mobile device to the store you bought it from and get help resetting it from a trained technician. Remember, simply deleting your personal data is not enough as it can be easily recovered.
SIM CARDS
In addition to the data stored on your device, you also need to consider what to do with your SIM (Subscriber Identity Module) card. Many mobile devices use a SIM card to uniquely identify you and your account information when you place and receive calls on a mobile network. When you perform a factory reset on your device, the SIM card retains information about your account. If you are keeping your phone number and moving to a new phone, talk to the phone salesperson about transferring your SIM card to the
new phone. If this is not possible (for example, if your new phone uses a different size SIM card) keep your old SIM card and physically shred or destroy it to prevent someone else from re-using it.
In addition to the data stored on your device, you also need to consider what to do with your SIM (Subscriber Identity Module) card. Many mobile devices use a SIM card to uniquely identify you and your account information when you place and receive calls on a mobile network. When you perform a factory reset on your device, the SIM card retains information about your account. If you are keeping your phone number and moving to a new phone, talk to the phone salesperson about transferring your SIM card to the
new phone. If this is not possible (for example, if your new phone uses a different size SIM card) keep your old SIM card and physically shred or destroy it to prevent someone else from re-using it.
EXTERNAL STORAGE CARDS
Some mobile devices utilize an external SD (Secure Digital) card for additional storage. These storage cards often contain pictures, smart phone applications, and other sensitive content. Remember to remove any external storage cards from your mobile device prior to disposal (for some devices, your SD cards may be hidden in the battery compartment of your device). These cards can often be reused in new mobile devices or can be used as generic storage on your computer with a USB adapter. If reusing your SD card is not possible, then just like your old SIM card, we recommend you physically destroy it.
Some mobile devices utilize an external SD (Secure Digital) card for additional storage. These storage cards often contain pictures, smart phone applications, and other sensitive content. Remember to remove any external storage cards from your mobile device prior to disposal (for some devices, your SD cards may be hidden in the battery compartment of your device). These cards can often be reused in new mobile devices or can be used as generic storage on your computer with a USB adapter. If reusing your SD card is not possible, then just like your old SIM card, we recommend you physically destroy it.
OPTIONS FOR DISPOSAL
When it comes to disposing of your old mobile device, instead of throwing it out, consider recycling it instead. Most carriers offer a discount on your next purchase when you recycle. Another option is to donate your mobile device to the charitable cause of your choice. Below are just some of the many places you can either recycle or donate your mobile device.
When it comes to disposing of your old mobile device, instead of throwing it out, consider recycling it instead. Most carriers offer a discount on your next purchase when you recycle. Another option is to donate your mobile device to the charitable cause of your choice. Below are just some of the many places you can either recycle or donate your mobile device.
Verizon Recycling
Sprint Recycling
AT&T Recycling
Recycling Mobile Phones
EPA Mobile Phone Donations Site
National Coalition Against Domestic Violence
http://preview.tinyurl.com/l48kw4
http://preview.tinyurl.com/l48kw4
Operation Gratitude
RESOURCES
Some of the links shown below have been shortened for greater readability using the TinyURL service. To mitigate security issues, OUCH! always uses TinyURL’s preview feature, which shows you the ultimate destination of the link and asks your permission before proceeding to it.
Some of the links shown below have been shortened for greater readability using the TinyURL service. To mitigate security issues, OUCH! always uses TinyURL’s preview feature, which shows you the ultimate destination of the link and asks your permission before proceeding to it.
SANS Security Tip of the Day:
http://preview.tinyurl.com/6s2wrkp
http://preview.tinyurl.com/6s2wrkp
LEARN MORE
Subscribe to the monthly OUCH! security awareness newsletter, access the OUCH! archives, and learn more about SANS security awareness solutions by visiting us at http://www.securingthehuman.org. OUCH! is distributed under the Creative Commons BY-NC-ND 3.0 license.
Subscribe to the monthly OUCH! security awareness newsletter, access the OUCH! archives, and learn more about SANS security awareness solutions by visiting us at http://www.securingthehuman.org. OUCH! is distributed under the Creative Commons BY-NC-ND 3.0 license.