Two-thirds of used memory cards contain the personal data of previous owners.
Portable storage media is a very good thing. They allow you to keep the information you need at the moment. Photos, text, video - all this can now fit on a map the size of a thumbnail. It is clear that on such media users hold data, access to which people would hardly have provided to strangers in a normal situation.
The problem is that when you sell a card or transfer it to another person, all this personal data may become “public knowledge”. Just few people think about correctly deleting information when selling / transferring a memory card to another person. Regular deletion of files or even formatting is unlikely to help, since data can be restored if desired. But the fact is that some users do not even delete anything, but simply transfer the card along with the information stored on it.
Some cards do not pull out of mobile phones and tablets when selling. Someone forgets about them, but someone doesn’t care at all, and there are quite a few such users.
Scientists of the University of Hertforshire decided to check the status of used memory cards, that is, whether the information of the previous owner is erased or not. For this, they purchased about 100 cards on eBay, other auctions, in stores of used phones, etc. Then the experts made a copy of the card and studied the possibility of data recovery. Most of the SD-cards previously worked in tablets and phones, although there were also those that were used in cameras, navigators and even drones.
The data that was recovered showed how much the owners of these storage media blithely regard their own data. In particular, on SD they found selfies, photographs of documents, various contact information, pornography (where they could be without it), files for navigators, browser history, identification numbers and data of other personal documents.
“The study shows the possibility of using used media as a source of personal data that can be sold or used by attackers immediately. Despite the fact that the media show the importance of protecting personal information, not all people actually pay enough attention to this, ”says the study leader.
In particular, thanks to the data of the navigator, one can understand where the user's home is. In addition, the attacker can find out on what roads he usually moves. In addition, you can find out the personal preferences of many people, as well as access to password-protected documents.
As for the university, which conducts research in this area, but its specialists "focus on developing tools and technologies that allow you to respond quickly to a wide range of hacker attacks."
Representatives of the organization believe that users leave data inviolable before selling less frequently. Nevertheless, the disk is either formatted or all sensitive information is simply deleted. But the study of scientists has found that information can be recovered without any problems, using free software.
And the people who used the cards, leave their personal photos, by which they are very easy to identify. After studying 100 memory cards, the scientists got the following result:
- 36 cards were not erased at all. The seller did not bother with deleting the data;
- 29 memory cards have been formatted, but data can be easily recovered, and with minimal effort;
- The data from the two cards were simply deleted - in the most usual way. Accordingly, the information was able to recover all;
- 25 cards were formatted, with previous users doing everything right;
- 4 cards did not work;
- There was no data on 4 cards.
In 2008, the Techradar team conducted a similar study, only the hard drive was the center of attention. The company bought used winchesters at online auctions like eBay, studied the contents and tried to recover the data.
As it turned out, a huge amount of personal information was stored on the disks, including documents and photographs.
Anti-virus company Avast was engaged in the study of second-hand smartphones in 2014. And the results were similar - users sold phones with a huge amount of personal data. At that time, more than 40,000 photos were discovered, including nude-style pictures, financial applications with saved passwords, contact lists, photos of children, and much more.
As for the cards, it has already been mentioned above that some of them are formatted before sale (about a third). The problem, however, is that this data is not so easy to delete - special methods are needed. The most reliable way is to first encrypt the card, and then format it.