Android Factory Reset Not 100%

Tuesday, May 26, 2015 @ 03:05 PM gHale

The “Factory Reset” feature in Android devices is not as effective as it should be, researchers said.

After analyzing the factory reset feature on 21 Android smartphones from five different vendors, researchers from the University of Cambridge found up to 500 million devices may not have undergone proper sanitation.

Android Hole Allows Fake Downloads
Androids Vulnerable Hijacking Attacks
Rise in Android App Issues
Android, iOS Apps Vulnerable to FREAK

The researchers tested devices acquired from eBay and phone recycling companies in the UK and ran versions 2.3 through 4.3 of Google’s mobile operating system.

Researchers’ tests revealed that up to 500 million Android devices might not properly sanitize the data partition storing credentials and other sensitive data. Furthermore, up to 630 million devices might expose multimedia and other files stored on the SD card.

Oftentimes mobile phone owners sell their old devices when they buy new ones. A 2013 study found the used smartphone market would grow to more than 250 million units by 2018.

Most users are aware they must delete personal information from their smartphones before passing them on. This usually occurs by using the factory reset feature and by formatting the external memory card.

However, as antivirus company Avast discovered in 2014, these methods are not very efficient. Researchers managed to recover more than 40,000 files from 20 second hand Android smartphones using readily available recovery software.

With that knowledge, researchers at the University of Cambridge conducted a thorough analysis of the factory reset functions in Android and they have determined it is possible and potentially very easy to recover sensitive data.

Researchers managed to recover details on the phone owner, information on previously installed applications, contacts, browsing data, credentials, multimedia files, and conversations (SMS, email, chat) from all the tested devices using automated pattern matching and file carving, a technique used to search for files by knowing their content and structure.

In one case study in the research paper, experts demonstrated how an attacker could hijack Google accounts by recovering deleted authentication tokens.

These authentication tokens end up used to log in users to their accounts after they first enter their password. By recovering the master token for a Google account, which according to researchers is recoverable 80 percent of the time, an attacker could re-synchronize the targeted user’s contacts, emails and other information.

The Android versions on which the researchers based the tests are older but, according to Google, they are still on roughly half of the devices running. It’s unclear if the factory reset feature is just as weak in newer versions of Android.

“The extraction of data from resold devices is a growing threat as more users buy second-hand devices. A healthy second-hand market is valuable for vendors as people are more willing to buy expensive new devices if they know they can trade them in later,” researchers wrote in their report. “If user fear for their data, they may stop trading their old devices, and buy fewer new ones; or they may continue to upgrade, but be reluctant to adopt sensitive services like banking or healthcare apps, thereby slowing down innovation. Last but not least, phone vendors may be held accountable under consumer protection or data protection laws.”

Google said a factory reset feature with secure wipe directly integrated in the platform is available in Android 3.0 and greater, versions currently installed on over 94 percent of Android devices. In these versions, data should end up wiped in a way that prevents recovery.

However, Google noted this Android implementation relies on other hardware and software in order to make a complete wipe, and in some cases these components don’t function as expected.

Leave a Reply

You must be logged in to post a comment.