Look who’s got your number

Emails, contact names, personal files and intimate selfies…In this age of smart phones and social networking Shonali Muthalaly talks to experts about how vulnerable our private lives are

July 24, 2014 05:06 pm | Updated November 16, 2021 12:43 pm IST - chennai:

Stalkers, enemies, and thieves can abuse personal data to stalk, blackmail and steal people’s identities.

Stalkers, enemies, and thieves can abuse personal data to stalk, blackmail and steal people’s identities.

Who’s looking at your pictures right now? If you’ve ever sold a used cellphone, it’s likely a complete stranger has sifted through your most intimate memories.

Recently Prague-based security firm Avast made news when they bought 20 used Android phones off eBay, then used basic recovery software to restore deleted files on them. In the process the analysts found more than 40,000 stored photos, out of which 1,500 were pictures of children. The Avast blog also states that they retrieved “More than 750 photos of women in various stages of undress” and “more than 250 selfies of what appear to be the previous owner’s manhood.”

In this age of smart phones and incessant social networking, where the lines between public and personal lives are blurred, we are unequivocally vulnerable. Ironically, at the same time, we have never been more careless with personal information.

Jaromir Horejsi, malware analyst at Avast Software says the experiment began when an employee accidently erased his phone’s memory, then found that he was able to resurrect all his files with a “little searching and an inexpensive purchase”. That made him wonder how many other people consider their data permanently gone, when it’s still retrievable by anyone who gets hold of your phone.

Horejsi says, “As the old saying goes, a picture is worth a thousand words. Now add private Facebook messages that include geo-location, Google searches for open job positions in a specific field, media files, and phone contacts. Put all of these pieces together to complete the puzzle and you have a clear picture of who the former smartphone owner was. Stalkers, enemies, and thieves can abuse personal data to stalk, blackmail and steal people’s identities.”

For a generation that’s grown up with technology, we know astonishingly little about how it works. “For years lots of bloggers, including me, have been screaming to people that their data is not safe. Especially with androids where factory reset simply deletes the top layer,” says Karthik Kamalakannan, a tech writer who also works on developing android, iOS and web applications for the future. Avast compares it to deleting the index of a book — so pointers are removed, but chapters remain. “It’s like sticking a clean paper over it,” says Karthik, adding “so information never gets erased. It just gets overwritten.”

While Avast’s experiment also uncovered 750 emails, 250 contact names and one completed loan application, the main reaction — from media and the public — was horror at the idea of explicit selfies going public. This, by the way, isn’t the first scare related to cell phone selfies. Over the past couple of years ‘revenge porn’ has been getting attention. This is sexually-explicit media — a majority of which are selfies — shared online along with personal information, without the consent of the pictured individual. (It’s typically uploaded by an ex- partner or hacker).

Fifteen years ago, this might have worried a niche group of people. Today, if you’re under 30 years of age, it’s about 50 per cent of the people you know in the same age bracket. A set of interviews done with college students and young professionals pegged the number higher, with many of the girls saying that at least eight out of 10 of their friends have taken intimate selfies to send to their boyfriends. One student said it’s become especially common with Snapchat. Some said they take at least one a day. (It seems more frequent with people in long-distance relationships.)

Despite the Avast story, all were still fairly casual about taking these pictures, with one respondent saying, “I think to a large extent, when you take pictures of yourself, a part of you knows there is a risk of someone else seeing it or making a copy of it.” The common solution seems to be a “chin and below” code.

All the people interviewed said they change their phone at least once a year — usually by exchanging it for a newer model. Old phones are sold after erasing the pictures, and a ‘factory reset’. Discussing how important it is to ensure your information is safe, Suresh Jumani who runs Chennai-based Mobile Zone store, cautions against simply looking for the cheapest deal, as in many big multi-brand outlets a large number of floating staff handle old phones. “We have seen people hand in phones without even logging out of Gmail, Whatsapp or Facebook,” he says, going on to discuss how his staff are instructed to do a proper master re-set, ensure the data is over-written and then reformat the phone before selling it to another customer.

Androids tend to be more problematic than iPhones which automatically overwrite data with a factory reset. As an additional precaution Jumani keeps a ledger listing names of the customers so they know who bought and sold each phone. “Chennai’s got the maximum churn rate,” says Jumani, “People change their phones once in eight months, on average, as opposed to Mumbai and Delhi where it’s once a year. The old phones are often bought by students, some of whom sell them again.” So in a lifetime a phone can have anything from one to 10 owners.

Robert Siciliano, an Identity Theft Expert with Hotspot Shield conducted an experiment similar to Avast’s in 2012 when he bought 30 mobile phones and laptops from Craigslist and recovered personal data from 15 devices. Discussing how the “public is blissfully unaware of the risks posed with their personal information leaking,” he says he’s also been guilty of selling old devices but will never do that again. If you’re selling your phones he suggests you “seek out software that promises to rid the device of any data beyond a factory reset.”

Or, do what he now does to make sure you’re absolutely safe. “Old phones should be destroyed. With a hammer.”

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.