Used mobile devices reveal data

http://news.bbc.co.uk/go/rss/-/1/hi/wales/south_east/7637366.stm

Version 0 of 1.

A fifth of second hand mobile devices still contain sensitive company and personal information, research shows.

The survey of over 160 used gadgets found a range of information including salary details, financial company data and personal medical details.

Also nearly a quarter of the mobile phones contained sufficient information to identify the owner and employer.

The survey was carried out by BT, the University of Glamorgan in Pontypridd and Edith Cowan University, Australia.

The devices containing the greatest volume of information were discarded Blackberry devices which in a number of cases were left unprotected despite having security features.

Of those examined 43% contained information from which individuals, their organisation or specific personal data could be identified creating a significant threat to both the individual and the organisation.

The survey said it is thought this type of device was used by organisations to support increasingly mobile workforces.

In one example, the survey cites a Blackberry which was examined - it had been used by the sales director for Europe, the Middle East and Africa of a major Japanese corporation.

It was possible to recover the call history, the address book, the diary and the messages from the device and the information these provided included a business plan of the organisation and it also identified its customers and the state of the relationships with them.

Charities

It also revealed details of the personal life of the individual including details of their children and their occupations, marital status, addresses, appointments and addresses for his dental and medical care providers

His bank account numbers, bank sorting code and car registration index were also retrieved.

"Many large organisations currently dispose of obsolete hand-held devices by donating them to charities," said Dr Iain Sutherland, who leads the research team at the University of Glamorgan.

"It was discovered during the course of the research that a number of these charities then pass on a large percentage of these devices to places like China and Nigeria, both of which are regarded as posing a real threat to the security of information."

The research also highlights a lack of awareness amongst businesses about the amount of data that can be retrieved from mobile devices.

The situation it said was made more complex as most of the devices were provided by a supplier as part of a mobile communications service and were discarded after a year or so.

The survey said a significant proportion of the devices examined found the information had not been effectively removed and as a result, both organisations and individuals were exposed to a range of potential crimes.

The results were based on the examination of 161 hand-held devices purchased from on-line auction sites, commercial organisations involved in the supply of second hand hand-held devices and auctions or were donated to the research.