Santa Claus may be bringing you a new iPhone this Christmas, but be careful when you get rid of your old phone: All sorts of confidential information can readily be found on old cellphones purchased from eBay, Craigslist, and more.
“I’m talking about dressing up like a woman for Black Friday [for the] sympathy,” reads one text message pulled off an iPhone bought on Craigslist.
Phone numbers, email account information and potentially embarrassing details are easily found on most devices, said Lee Reiber, director of mobile forensics for AccessData.
“We see lots of sensitive information,” Reiber told FoxNews.com. To find out just how much, AccessData bought and tested five used cellphones exclusively for FoxNews.com: Two HTC Androids, an LG Android, an iPhone 3G and a Sanyo 2300 flip phone. The phones were bought on Craigslist, eBay, and from a cellphone reseller.
Reiber used Mobile Phone Examiner Plus (MPE Plus), a common forensics software tool, to dig up private, confidential information including Social Security numbers and credit card information.
In some cases, data was simply left on the phone for anyone to see. The Sanyo had an active Yahoo! account turned on, and AccessData was able to recover its username and password.
Once hackers get into an email account, they're able to uncover much more information. “That can be the springboard to get into other areas you really don’t want them in,” said Andrew Hoog, chief investigative officer at viaForensics, a digital forensics firm in Chicago.
The iPhone 3G also had its contacts in the phone. AccessData easily uncovered the geographic area each phone came from, as well.
Despite the removal of individual applications, forensic technology allows anyone to view old files still stored in the phone. In one case, this included what the owner was doing and where, thanks to the geo-location feature in the iPhone, Reiber said.
“I actually identified the reservoir in Utah where they took pictures while they were boating,” he told FoxNews.com.
To avoid giving sensitive information to your cellphone’s next owner, people need to take a few simple steps, Hoog said. Sellers need to restore the device back to factory settings -- “They are pretty much all going to have a reset setting somewhere,” he said -- and that includes pulling the activation card from the carrier.
“You shouldn't include your SIM card when you sell your device,” he added, since data is stored there as well as on the device. If the phone has an SD card, sellers should erase all of the data on that as well.
If possible, Reiber advised, run updates on the phone’s operating system to eliminate much of the data stored in the phone’s file system. EBay offers instructions to customers who visit the company's eBay Instant Sale or eBay iPhone page on how to remove data before selling a cellphone.
“Consult your owner's manual on how to back-up your phone's data safely and securely before erasing anything,” the site notes. It includes specific instructions for the iPhone, Blackberry, and Android.
Reiber also advised consumers to follow similar steps when selling digital tablets -- and it’s key to follow similar (but more extensive) steps before selling a computer, of course. He recommended running a program called Darik’s Boot and Nuke (DBAN) to clear the hard drive.
And if you’re a buyer and you find the previous owner’s data still in a phone you buy, he advises to remove it quickly. “You need to go through the steps like it’s yours to get rid of that data,” Reiber told FoxNews.com. If there’s something criminal left on there, for example, it could be dangerous or incriminating for you, he said.
Just remember, keep the cross-dressing comments to yourself -- and when it’s selling time, clear the phone and cards before you drop them in the mail.
