By Herb Weisbaum Published: May 4, 2012 at 11:16 PM PDT Last Updated: May 7, 2012 at 6:37 PM PDT
SEATTLE — Technology evolves in leaps and bounds, which means cell phones and laptops that were on tech’s bleeding edge a few years ago will soon be woefully outdated.
But what do you do when you don’t want those old electronics anymore?
You can sell them, recycle them or give them away. But experts say the best way to avoid identity theft is to destroy them.
Most smart devices are designed to save your personal information. You may think you’ve erased everything, but that cell phone or tablet computer could still be loaded with data — just the sort of stuff an identity thief needs to target you.
Robert Siciliano, an identity theft expert with McAfee (the digital security software company) did a little experiment to find out how often this happens.
“I was surprised that I found people’s entire digital lives,” he said.
Like many of us, Siciliano used to sell his old digital devices when he upgraded to new ones. But not anymore.
“I will never, ever sell a device that has storage in it ever again,” he said.
Siciliano went on Craigslist and bought a bunch of digital devices.
“I bought iPhones, iPods, laptops, desktops, netbooks, notebooks,” he said. “I wanted to see what type of information I could find on them.”
Of the 30 devices he purchased, Siciliano said he was able to retrieve data from more than half of them.
And the scariest part is that in most cases, the person selling the devise thought they had purged the data by following the manufacturer’s instructions.
Despite their best efforts to scrub the electronics, Siciliano said someone who knows computers wouldn’t have a hard time retrieving the data.
“I bought this from a student. It had all of his personal information, banking information. It had photos and videos, videos of him at a concert and also a lot of pornography. Way too much information for me,” he said.
Without much effort, Siciliano was also able to uncover personal and financial information from a family’s desktop computer. It still had their banking information and Social Security numbers.
Siciliano said equipment manufacturers and software developers need to do a better job, so people can effectively erase and delete the data stored on their devices.
“A problem with a lot of the digital devices we have today is that when you reset the operating system, when you reinstall or reformat, it doesn’t often do the job it says it does,” he said. “So you’re leaving a lot of bread crumbs that can be all spliced back together, which allows a bad guy to basically steal your identity.
Based on his experiment, Siciliano said Blackberries were the best at completely scrubbing deleted data. Apple products also did a good job, but Android devices didn’t fare as well in the tests. Even when people did a factory reset, Siciliano still found a tremendous amount of data on the Androids.
He also found that it’s difficult to completely scrub devices that run on Windows XP.
“This study scared me so much because I’m just as guilty as anyone else of selling devices on Craigslist. I will never, ever sell a device that has storage in it ever again,” Siciliano said.
Instead of selling or donating the devises, Siciliano advises people to destroy them.
“I will take it and put it in a vice and I will drill holes through it,” he said. “I will smash it with a sledge hammer. Or I’ll put it in a bucket of salt water for a year. But you’re not going to see me selling it on Craigslist.”
And it’s not just sellers who should be worried. Siciliano found that many of the used smart phones and computers he bought came with viruses or other malicious software. If he had used them, his personal information could have been compromised.
Asked to respond to Siciliano’s findings, Microsoft said its new software has considerable security and privacy improvements. Google did not respond.