Nude photos, private emails: What's hiding on your old phones?
Posted May 20, 2013
Raleigh, N.C. — Statistics show people replace their cellphones, on average, every 18 months, according to the U.S. Environmental Protection Agency.
Of the more than 1.2 billion cellphones in use worldwide, many contain private information – such as pictures, text messages, emails and bank data – even after the phones are discarded, recycled or sold.
The 5 On Your Side team gathered old phones that had been tossed into area recycling bins, accessible to the public, and asked a Raleigh-based digital forensic expert to see what information he could extract from the phones.
“There is literally enough on some of these phones to stalk someone from where they work to where they live to where their kids go to school,” said Lars Daniel, a certified digital forensics examiner and forensic artist with Guardian Digital Forensics.
Daniel retrieved hundreds of contacts, text messages, emails and a few compromising photos during his first, cursory review of the phones. Many phone photos now embed geo-location data that pinpoints exactly where the photos were taken, which is “quite frightening,” according to Daniel.
“This person took multiple pictures of themselves posing nude. You can see who they were sent to,” he said. “You could post those pictures on (the woman’s) Facebook account. You could put them on Pinterest. You could put them on Twitter. You could put them anywhere that will allow you to post photos.”
Most of the information Daniel found was easy enough for the average person to access. Then, using data recovery tools anyone can download for free on the Internet, he found more concerning information on one man’s phone.
“We were able to recover email addresses – his email addresses, his friends’ email addresses – his Skype account information, his dog’s name, his interests – such as that he plays Dungeons and Dragons – where he works, his shifts at work based on his calendar. We have access to his Gmail account, so we can read and view all of his emails,” Daniel said.
“We also have access to his Twitter account, so we can go in and post things … recent locations where he was based on GoogleMaps and also access to his Dropbox account, which is a cloud-based storage system for your files,” he added. “But since it's already connected to the phone, we can access his files without needing his username or password.”
Daniel said he also found “very interesting conversations between what look like bookies and gambling” on another person’s phone.
Discarding a phone with private information on it can be unsettling, according to Daniel, but how that information is used, if found, can be personally and financially devastating to the original owner.
“I could send someone's wife an email if I got one of these phones, asking for information such as, ‘I forgot your Social Security number. I forgot the password to our bank log in,’” he said.
To delete private information before discarding a phone, Daniel suggests going into the phone’s settings and using the factory erase or factory wipe feature (the factory reset feature does not always delete information). Then, open the back of the phone and take out the battery, SIM card and SD or micro SD card, if the phone contains them, and discard those separately.
Those who have critical information on their phone, such as business or financial data, should go to the phone’s carrier to get it wiped clean.
“It's a great thing to recycle. It's not a great thing to give away your personal information,” Daniel said.
Pam Swanstrom gave her old phones to 5 On Your Side for testing. She wanted to sell her old iPhone but was uneasy about what personal information might still be on it and some of her older phones, even though she used the factory erase feature.
“Any kind of personal data, credit card information, passwords, anything like that – that could be a problem,” she said.
The 5 On Your Side team took Swanstrom’s phones to Daniel to see what he could dig up.
“Nothing was recoverable. It was completely clean,” he said.
“Really? That’s awesome,” Swanstrom said. “I am going to put it on eBay.”
Daniel also examined phones from an area pawn shop, as well as old phones from 5 On Your Side’s coworkers and friends who believed they had stripped their phones clean. All of the devices had been erased properly, Daniel said.
How to protect your phone if it's lost, stolen, ruined
Consumer Reports estimates that, in the past year, more than 7 million smartphones were lost, stolen or ruined. Researchers found that 40 percent of smartphone users did not take any precautions to protect their information, such as backing up their data or setting a screen lock.
For those who do set a screen lock, Consumer Reports suggests making the password longer than four numbers. Instead, set a longer pass code with letters and symbols.
Android phones let you do it by going to "settings," but then each phone is a little different. On one, choosing "security" and then "screen lock" gets you to the password reset. On another, you can choose "lock screen" and then "screen lock" to change your password. It just depends which phone you have.
With iPhones, it's even trickier. Under "settings," choose "general" and "pass code lock." Check that the "simple pass code" is turned off. Then choose "turn pass code on." Now, you can enter your longer pass code.
Smartphone users should also beware of applications that ask for permission to do too much, such as a simple flashlight app that asks for the phone user's location and information about calls.
Consumer Reports says free apps could be selling your identifying information. A variety of parties, including Apple and Google, which offer apps for the iPhone and Android, may be able to collect enough information including your phone's location and its unique ID to track your activities.
Users should also beware of free WiFi. Millions use the connections for financial transactions, making it easy for someone else to grab your information.