SANS Institute warns improper mobile phone disposable results in data theft

Mobile phone users fail to acknowledge the security implications of their actions and thus expose themselves to the threat of data theft

Tags: Cyber crime
  • E-Mail
SANS Institute warns improper mobile phone disposable results in data theft Ned Baltagi: "Today, mobile devices store far more sensitive data than users realise, often more than their personal computers."
By  Aasha Bodhani Published  January 12, 2017

The SANS Institute is warning mobile phone users that the security implications of wrongly disposing old devices could expose themselves to data and cyber threats.

The UAE and Saudi Arabia boasts over 90% smartphone penetration, which is typically due to smartphone manufacturers, such as Apple and Samsung offering yearly upgrades.

Ned Baltagi, managing director, Middle East & Africa at SANS, said: "Today, mobile devices store far more sensitive data than users realise, often more than their personal computers. This information can include where they live, work and the places they visit frequently; contact information for their friends, family and co-workers; messages and chats; web-browsing history; personal photos, cloud storage and email; and even stored passwords and access to highly sensitive services such as online banking.

"Even a few leaked details can leave users vulnerable to social engineering and phishing attacks which open the floodgates to even more malicious and damaging attacks such as identify theft, and cyber fraud."

SANS advises mobile phone users to ensure that all sensitive data is erased which means users should wipe their phones, a process that involves not only deleting the stored information but overwriting it, often multiple times, thus rendering it unrecoverable. Of course, this also means users need to properly backup their phone prior to the process.

An easy way to wipe data from a smartphone is to use the phone's inbuilt ‘factory-reset' feature. While this works effectively for the iOS and Android operating systems, it isn't effective for Windows phones. Also, for this to be effective, it is important to first encrypt the phone before running the factory reset as this ensure that the data is unreadable once restored to factory settings.

In addition to storing data on the device itself, smartphones tend to save some information on the SIM. Unlike the phone's internal storage, a factory reset does not wipe data from the SIM. Often, when moving from one device to a newer model, due to size differences, or the need to change the mobile number, users need to purchase a new SIM card. In such scenarios, it is best to physically shred or destroy the old card to prevent it from being reused.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code