Keeping personal details personal in the Digital Age
Users of mobile phones, tablet computers and other devices with a memory card—that being practically everyone these days—risk having their identify stolen if they don't securely erase their personal data.
That is the message promoted by Edith Cowan University computer security lecturer, Patryk Szewczyk at a recent public lecture.
Mr Szewczyk and his colleague Krishnun Sansurooah have spent five years researching the secondhand market for memory cards which can be purchased on websites like eBay, and the kind of data that can be retrieved from the cards.
The memory cards concerned are those found in devices such as digital cameras, mobile phones, tablet computers and even in some printers.
They found over the last couple of years that if the seller suggests the card may contain personal data, the price goes up by around fifty per cent.
Mr Szewczyk said this suggests there are people out there specifically targeting such cards to try to gain personal information.
"Since no other research projects have been identified, the inescapable conclusion is that the buyers of these cards are intent on identity theft," Mr Szewczyk said.
He said the end user has not been educated about securely destroying digital information, which has led to inadequate data deletion.
This means personal details can be recovered using software that is easily obtainable, simple to use, and free, even if the files have been deleted.
Simply deleting a file only removes the pointer to that file, it does not remove the data itself, which can be pieced back together by the recovery software.
Only certified programs ensures data can never be recovered
A secure wipe of the memory card using software proven to do the job thoroughly every time, is the only sure way to erase the data.
Properly used, software such as Active@ Killdisk (for a Windows/Linux environment) or the "dd" command with appropriate parameters (in the Linux/Unix environment) will ensure the data in memory cards will never be recovered.
Mr Szewczyk noted that in one year just thirty per cent of the cards had been properly erased—this was the best result compared to cards surveyed in the other four years.
In many cases there has been no attempt whatsoever to erase the data.
During the project they recovered photographic images including sexualised selfies, images of credit cards (both sides) and passports, resumes, tax receipts, bank statements, employee payslips, company letters, client lists plus online authentication credentials for bank accounts, eBay, Paypal and Facebook accounts.
This article first appeared on ScienceNetwork Western Australia a science news website based at Scitech.