Friday, 22 January 2016 00:00

Android's flawed factory reset vulnerable to data recovery

Rate this item
(0 votes)

According to researchers at Cambridge University, around 500 million Android smartphones are vulnerable to a flaw in the factory data reset function that could allow the recovery of a wide range of data.

Following a series of tests, the researchers estimate that 500 million Android devices don't fully wipe data partitions that contain sensitive data, allowing the restoration of contact and message data from first- and third-party apps. In 80 percent of phones tested, the researchers were able to extract the Google master token after a factory reset, giving them access to Gmail and Calendar data.

The team also estimate that 630 million devices don't wipe SD cards and other places where pictures and videos are stored during the factory reset process. This is concerning for people who sell or give away used smartphones, who might think that sensitive data is removed after a factory reset, when in many cases it's still accessible.

It was also discovered that the flaw in Android's factory reset allows you to recover data with full-disk encryption enabled. During the reset process, the decryption key isn't wiped, and recovery of the "crypto footer" along with this key allows an attacker to crack the encryption offline.

The researchers experiments focused on 21 devices running Android versions from 2.3.x to 4.3. While Android 4.4 and newer weren't tested, it's "plausible" that devices running these versions of the OS are also vulnerable, according to the team.

One of the reasons why the Android factory reset function doesn't work properly is due to a lack of drivers that would allow NAND chips to be wiped completely. It's quite difficult to wipe flash storage completely, which is why manufacturers have struggled to implement the factory reset functionality correctly.

While the researchers recommended a series of technical changes be made to the factory reset process in Android to help improve its effectiveness, there's not a whole lot a user can currently do to prevent data recovery. You can fill up the NAND on your smartphone with random files after a factory reset to overwrite free space, but the best method to ensure the safety of your data is to destroy the device completely.

Reference: http://www.techspot.com/news/60759-android-flawed-factory-reset-vulnerable-data-recovery.html

Last modified on Friday, 22 January 2016 11:16
Data Recovery Expert

Viktor S., Ph.D. (Electrical/Computer Engineering), was hired by DataRecoup, the international data recovery corporation, in 2012. Promoted to Engineering Senior Manager in 2010 and then to his current position, as C.I.O. of DataRecoup, in 2014. Responsible for the management of critical, high-priority RAID data recovery cases and the application of his expert, comprehensive knowledge in database data retrieval. He is also responsible for planning and implementing SEO/SEM and other internet-based marketing strategies. Currently, Viktor S., Ph.D., is focusing on the further development and expansion of DataRecoup’s major internet marketing campaign for their already successful proprietary software application “Data Recovery for Windows” (an application which he developed).

Leave a comment

Make sure you enter the (*) required information where indicated. HTML code is not allowed.

Get Help Now

Thank you for contacting us.
Your Private Investigator will call you shortly.