Cell Phone Recycling could pose data security issues

Cell Phone recycling companies are campaigning to warn Smartphone users about the dangerous of police programs like forensic data recovery software and how it could jeopardised their private data. According to UK recyclers Bozowi Sell My Phone, since forensic data retrieval software was made available to the public extra precautions need to be taken when selling your handsets to other people.

The recyclers said "Data recovery software was originally used by police investigators to retrieve hidden data left on criminal suspect's phones. Now this type of software has been made readily available to the public, even if a cell phone user deletes the data or performs a factory reset, their information could still potentially be recovered"   

In a nutshell this means traditional erasure methods like factory resets or standard data wipes do not properly remove all of the information, they only destroy the data pathways. Flat data for photos, videos, passwords, apps and SMS messages can still be left behind in the phones' solid state memory. Forensic data software exploits this by reforming the pathways and extracting the hidden flat data.

The vast majority of phone recyclers do not recycle cell phones in the traditional way, which once consisted of selling the individual parts separately to eliminate the continuing landfill accumulation. Now for economic purposes recyclers simply sell them on to new people, often to international clients in bulk. This means when a consumer recyclers their cell phone, they are in essence passing it on to a new owner and risking their hidden data being recovered.     

According to responses from various technology experts, there is a way to avoid having your cell phone's data recovered but only particular types of erasure services can achieve this. A data erasure method called 'DoD 5220.22-M Sanitization' seems to be what most experts recommend.    

Technology author Tim Fisher wrote this in an earlier article for About.com -"Erasing a hard drive using the DoD 5220.22-M data sanitization method will prevent all software based file recovery methods from lifting information from the drive and should also prevent most if not all hardware based recovery methods."

This method is available as a service, but is usually referred to as a 'Permanent Data Removal' or a 'Military Data Wipe'. At the moment only a handful of phone recyclers offer this service. Bozowi's Managing Director pleaded with other phone recyclers saying "The more phone recyclers that offer a permanent data removal service, the more confident consumers will be in the phone recycling process. The fact so many recyclers are ignoring this issue is incredibly concerning because in the long scale of things, this is going to determine the longevity of our industry."     

Reference Links

Bozowi Sell My Phone - (link to) - http://bozowi.co.uk/sell-my-mobile

Tim Fisher - (link to) - http://pcsupport.about.com/od/termsd/g/dod-5220-22-M.htm