Monday, May 20, 2024
Smartphone news

MD Researchers Many Police Auctioned Cell Phones Contain Personal Data / Public News Service


In a recent study, researchers at the University of Maryland found personal data remained on many used cellphones purchased through a police auction website.

Police departments typically acquire phones through civil asset forfeiture, but are sometimes the destination for items from the airport lost and found. Over a period of months, UMD researchers purchased 228 used phones from PropertyRoom.com, a reseller partnering with thousands of police departments.

Many of the phones contained personal information. One phone used in an identity theft scheme was resold with the identity theft victims’ complete credit histories. The researchers did not use any software to break into the phones.

Dave Levin, associate professor of computer science at the University of Maryland and the report’s author, said they found many people are not taking basic precautions.

“First off, choose a good pin,” Levin urged. “We found about 20% or so of the phones that we ended up purchasing didn’t have any pin we turned it on and it was just unlocked. For the other phones that we got into we guessed the pins because the pins were things like 1234, 6666 these types of things.”

Researchers notified PropertyRoom.com, which advised them it will no longer sell phones with personal information. PropertyRoom.com did not respond to our request for comment.

To address issues with other resellers handling lost-and-found items, such as web outlets or pawnshops, researchers say legislation would be needed. While the issue of law enforcement reselling electronics containing personal data could also be addressed by legislation — which at a minimum required the devices to be wiped clean — Levin argued the best approach would be for police departments to not resell phones.

“We didn’t use any of the clever tools and tricks,” Levin pointed out. “Prior work has shown that even when you think you wipe something, it might not wipe something altogether. Not necessarily. We’ve seen that on phones, but it just the safest thing would have been to just destroy the phones altogether.”

With the power of modern cellphones to handle so many tasks, the amount of personal data stored on the devices can be vast.

Richard Roberts, a doctoral candidate at the University of Maryland and student project lead on the study, said many of the phones contained a lot of personal information.

“For over a quarter of the phones, about … 27% that we purchased, we were able to super easily see all of the personal information from the previous person who owned it,” Roberts recounted. “Whether that was texts, phone calls, emails, photos, anything that was on the phone.”

UMD researchers destroyed the phones after the study was concluded.

get more stories like this via email




READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.