50% of second-hand phones contain PIN numbers and personal messages, claims study

The surging business in second-hand handsets--partially driven by better trade-in deals, has revealed that consumers are unintentionally passing much of their personal data to strangers.

According to research from the mobile and forensics firm Disklabs, an analysis of 50 second-hand mobile phones bought on eBay found that more than half contained personal messages or photos. In excess of 60 per cent still contained phone numbers left on a call log, and a number were sold with pornographic material still on the phone.

Of most concern, Disklabs found personal security information, including home address, credit card numbers and pin numbers, on 26 of the handsets.

Simon Steggles, director of Disklabs, said, "Any data left on the phone is effectively open to the public domain. That could be as varied as intimate photos, videos and text messages... People hit 'delete' and think that means it is gone for ever, but that's not the case."

In an effort to make users aware of the issue, Steggles has called on operators to take more responsibility in educating the public about controlling their data. "It's unfair to expect consumers to understand the possible ramifications of leaving data on their phones."

Commenting on the growing security problem, Rik Ferguson, a security adviser at Trend Micro, said that consumers needed to get in the habit of encrypting valuable personal and intellectual property at file level. "That way, even if it is lost or stolen it is of limited value or use," he said, anticipating a swathe of new services that offer encrypted services for consumers.

"What would be ideal is some sort of technology where you as an end user would be able to assign the right to use, copy or distribute information about yourself to people of your own choosing," concluded Ferguson.

For more on this story:
- read The Guardian

Related stories:
Mobile device security in the enterprise: patching up and catching up
3G encryption can be broken in 2 hours, 'suggest' security experts
Rogue femtocells could be used to steal user data
SMS spam epidemic on its way, warns security expert