|
    Used PDAs and Smartphones Pose Data RiskPosted By: Ryan on Wednesday, August 30, 2006 4:13:32 PM
Used smartphones and PDAs for sale on eBay and other online sites can be loaded with sensitive personal and corporate information ranging from banking records to text messages and corporate emails that can be easily retrieved by hackers and data thieves, according to a sampling by mobile security software provider Trust Digital.
Trust Digital engineers recovered nearly 27,000 pages of personal, corporate, and device data from nine of 10 mobile devices purchased through eBay for the project, including a smartphone sold by an employee of a major corporation. The salvaged data included personal banking and tax information, corporate sales activity notes, corporate client records, product roadmaps, contact address books, phone and Web logs, calendar records, personal and business correspondence, computer passwords, user medication information, and other private, competitive or potentially damaging material. The information was retained in the flash memory of the devices because of users’ failure to perform the advanced hard reset required to delete the data. The nine devices with retrievable data included those belonging to a former employee of a publicly traded security software company, an employee of a web services firm, and a corporate counsel of a multi-billion dollar technology company serving the legal market. The tenth device in the test was never used.
“Personal and corporate data is being sold on the open market through eBay, and it’s also available to anyone who finds, steals or purchases a used smartphone or PDA from any other source. With nearly 2 billion smartphones currently on the market, the potential for having this information fall into the wrong hands is staggering,” said Nick Magliato, CEO of Trust Digital. “The general public needs to immediately be made aware of this fact. Whether you’re talking about pilfering an individual’s private files or stealing corporate secrets, this adds up to a very real data theft epidemic,” Magliato noted. Consumers can protect themselves by enabling the password function on their devices, asking their cellular carriers for information about data security, and “hard wiping” their devices before selling them. Owners of Palm Treo 650s and RIM devices should consult the respective vendors to access the built-in hard wipe function. For other devices, commercial hard wipe products are available.
Palm Zero Out Reset
More Stories Like This...  Hands-Free Phone Driving Law in California New and Updated Palm OS Software Palm's Stock Gets a Boost from Verizon and Future Prospects VersaMail Personal Edition Released for Verizon Centro Users Alltel Treo 755p Rom Update Now Available Motricity Sells PocketGear Business to Its Own Co-Founder More articles about General News
Article Comments
27 total comments The following comments are owned by whoever posted them. PIC is not responsible for them in any way. login or register for free in order to post comments.  RE: Secret!
Agreed - I've used it about 8 years. But the developer keeps making ridiculously incremental changes and calling it a "new version," which keeps me from purchasing licenses on any larger scale. It's a $30 program - why should I pay nearly half that amount again because he fixed a couple things? (Version 3.x to 3.5: $12!)http://linkesoft.com/secret/order.html More and more I'm avoiding developers that can't agree to include bugfixing their own coding and basic improvements to accomodate incremental hardware changes without demanding payment for their "new" version. Guys like Ranosoft.net are the cream of the developer community - pay me once for a license, and you are guaranteed license to my current version - no B.S. I've bought stuff from him I marginally wanted, just because I knew it would encourage him to keep improving it. Iambic used to have that policy and I used to recommend them heartily - but since around version 4 or 5 they went down the "other road" of milking every improvement or adjustment into a "major upgrade" that co$ts, co$ts, co$ts. I think it's costing THEM in the long run... Iambic is the king of upgrade charges!!!
At the risk of highjacking this thread. Iambic is the King of charging for bug fixes pretending to be ugprades. They put out junk code, then charge for for the 10.1 version which fixes it, then charge for 10.2 which fixes v10.0 & v10.2. I quit purchasing their products years ago..I think I owned v8 last. Never again. They have a profit center built around charging for their own bug fixes. I quit them a couple years ago. They're the worst kind of software company. RE: Secret!Dr Opinion @ 8/31/2006 12:55:20 PM #
I agree. In the past, Iambic have shown themselves to me to be the worst kind. The combination of nice UI and buggy code reminded me of microsoft, actually. How can it be possible to spend more getting bugs fixed in your calendar software over a couple of years than your palm device? What I hope is that Iambic eventually hear what customers say, and change their vision. It seems however that there are enough Palm users to say, "oooh, it's really shiny", put up with a low quality experience, and put up the $$$. I once had a terrible support experience with one of their coders. Their handheld organizer application offered repeating todos that didn't seem to work if you used Palm Desktop to check off todos. Since Palm Desktop use should be somewhat taken for granted, I explained the context and asked their support people to confirm that this was a bug. The guy came back to me, ignored my request and just gave terse instructions on using the feature on the handheld. I asked again, being perfectly clear, and the guy sent a sneering reply and repeated instructions for using the feature on the handheld. I tried on more time and got an even more sarcastic and sneering reply. His attitude was pure Iambic: "I'm going to treat you like a moron, because, let's face it, if you weren't a moron you wouldn't be using our product." I learned my lesson. :)
Attitudewe_tellurian @ 8/31/2006 2:10:22 PM #
What we are seeing is a shift in attitude which is not good for any economy. Good service is based on valuing the customer. Why treat them as a competitor? Even professionals do not treat ones another with disrespect. We listen to all and accept that freedom of speech requires discipline and respect. True some people when sad act out of character. E-T what about desktop security?ackmondual @ 9/1/2006 4:07:11 PM #
@Gekko or really any1 who knows But Secret does NOT prevent Hotsyncing to PC or protect info being HS-ed to a PC? If this is true, then woudln't ID theives be able to just HS the info to a PC and then use hex tools to read the over-there unencrypted data? the secret to enjoying your job is to have a hobby that's even worse My PDAs: Visor --> Visor Neo (blue) --> Zire 71 --> Tungsten T3 (with 4 _GOLDEN_ screws) + zodiac 2 RE: Secret!e_tellurian @ 9/1/2006 5:04:23 PM #
:-(lol) i do not know about any secret. But i can share some thoughts on desk top security. You will need a we-com virtual wallet assure you will always have access to your thoughts. Regardless of how angry, up set, emotional a good friend can get when his feeling are hurt or change occurs in management. A we-com virtual wallet will not deal with issues of site management, which would contradict some fundamental freedoms that make this whole place do what it does. What it will do is assuring your thoughts are yours and no one else's. To build requires our own thoughts shared collaboratively as individuals without other issues causing desk top security issues... Peace, E-T Completing the e-com circle with a people driven we-com solution RE: Secret!
ackmond - Secret! encrypts the palm database file (.pdb) so even if it is synced to the PC via hot sync backup, it is useless without the encryption key. Details are on the developer's site. RE: Secret!e_tellurian @ 9/1/2006 8:18:44 PM #
:-I mmm
Off topic: Eh i wrote some "crap" over at PDA. You folks are not alone. Hopefully it will cheer some folks up. We have an offer on the table. Its just has to be tabled in a way that will not exclude any core thoughts, while not breaking any securities laws. True, this is new, however, can link all together under research umbrellas? Where is our resident cyber lawyer? Some have to start recovering our democratic capital. Dividends, Royalties, %, whatever is going to be best for the share holders based on the e-tellurian offer? Any thoughts? E-T Completing the e-com circle with a people driven we-com solution 
 Palm Zero Out Reset
Anyone ever tried to do this Palm Zero Out Reset? You need to be a friggin contortionist with 3 hands and 33 fingers in order to pull it off - and even then it only works 1/100 times. RE: Palm Zero Out Reset
I didn't mind the Zero-out process on the 650... it was rare that I needed to do it, and it's meant to be something that's never going to happen by accident. Somehow Palm (or more likely Handspring) did a little thinking on this one. But to those of use who have been with Palms since the US Robotics days... it takes a leap of understanding to remember to do this process, as leaving out the batteries after a hard-reset used to be foolproof for cleaning out the memory. No longer in the new NVFS days. Now the 700p has some of Palm's engineering fingerprints on it - no longer can you clear out the NVFS with a stylus, hotsync cable and a bit of contortion. Oh, no - *NOW* you have to (1) be smart enough to know about this issue, and (2) patient enough to call your cell carrier and educate their service people enough about a "zero out reset for a 700p ("no, not the 650 method - the 700p...")" so that they (3) take the time to give you a custom "##" code and instructions to activate it via the keypad. The 650 method was MUCH quicker and foolproof, you're at the mercy of the Carrier's skillset on this one. It's pretty obvious why 9 out of 10 devices contain data - it doesn't seem the device manufacturers or carriers have much interest in protecting your data. People with that same mindset download boatloads of your social security information into their laptops and leave them on the passenger seat of their cars as they drink themselves silly on the way home from work. And they leave it to *YOU* to clean up the mess they make. RE: Palm Zero Out Reset
I emailed Palm Support (read their note about not posting what they tell you in the email) about the zero reset on the Palm Treo 700p. Their response to me was the Treo 700p does have a zero reset option like the Treo 650 does, and that a hard reset would restore the Treo 700p to factory settings. I did try the zero reset option and it does not work despite doing it 100% correctly so either there isn't an option, it doesn't work I didn't do it right even though I know I did.
Since data security when selling our old phone is a huge issue you need to be sure and I for one do not trust Palm on this matter.
we-com virtual wallet data security
this is the one big negative of the we-com virtual wallet IMO. the prototypes that i have seen are not confirmed to be 100% data secure. i'm guessing this is why E-T and the we-com crew have been struggling to bring it to market despite LOTS of interest from all of the big venture capital players. but if it hits, it will hit BIG. RE: we-com virtual wallet data security
The opening of broader based and collectively analyzed ideals will sharpen the senses of the nomadic enterprise mentality leading to greater resources for the sharing of ideas. This is a win win for everyone in the new paradigm, void of conflicting energies and debt-free chaotic structures and economies. These coming developments ensure the free exchange of ideas on an exponential component which is detrimental to few and prosperous to many. In other words, the Treos have so little memory on board that when the SD card is removed it is impossible to contain enough data to actually qualify as "sensitive". Simply load a couple of unit conversion freeware apps and the memory will be full, effectively erasing all past data. 32mb was superior foresight by Palm. Cheers Et tu, Pat? Et tu?The_Voice_of_Reason @ 8/31/2006 1:41:06 AM #
Buzzword Bingo makes my head hurt. TVoR RE: we-com virtual wallet data securitywe_tellurian @ 8/31/2006 12:08:57 PM #
The issue of US222 billion as a result of identity theft is purpose for a prototype that can be tested with nations that have helped to bring forward this thought. Trade starts with valuing thoughts. Our crew does not want to sink e-knarr, we are fully aware of choices and consequences. FIOS must be rock sold. We would not choose to see interaction between new IT (internet technology) compromise IT (information technology) and visa versa. Working to enhance wallets is what we choose. Our group has spent many years interacting with great minds. These minds do not work for free, hence why our markets unlike others value the concept of equity. E-T
RE: we-com virtual wallet data securitywe_tellurian @ 8/31/2006 12:31:22 PM #
Please do not forget to include the fact that PDAs interaction is not the same as an actual we-com virtual wallet. People driven hardware is needed too. E-T RE: we-com virtual wallet data security
equity drives decisions. without equity, there are no real decisions. however, no decision is a decision. the crew has spent many years working without much pay or equity. is this why we are still facing the wall? who do we choose to add to the people we already have? how do we use our collective thoughts to jump over the wall? If US222 billion and CAN $250,000,000 at risk can not drive this concept home, what can? how many decades must we wait? choices, decisions, consequences. peace. RE: we-com virtual wallet data securitywe_tellurian @ 8/31/2006 3:11:53 PM #
Nations need taxes to pay for choices. If people are not free to securely pursue their thoughts with the choice to share the wealth of this freedom with those that have risk their thoughts, then what is the purpose of choices? Not all are going to want a secure way to exchange capital free of human abuse. Some have become so tired of the abuse of humanity that they have chosen more choices. We are not offering this to all just those that can/want to choose. E-T
RE: we-com virtual wallet data securitywe_tellurian @ 8/31/2006 3:27:53 PM #
To add i am going to log off. If i can not log back in as a consequence of choosing not to deny e-t a place i will not communicate here again. Peace, E-T RE: we-com virtual wallet data security
I think I hear the salt trucks warming up in Hades! Pat Horne RE: we-com virtual wallet data security
Blessed are those who have been persecuted for righteousness' sake, for theirs is the Kingdom of Heaven. 7 Faces of Geeko...The_Voice_of_Reason @ 8/31/2006 9:17:44 PM #
Why is Geeko posting here under the we_tellurian User Name? Creepy stalker. RE: we-com virtual wallet data securitywe_tellurian @ 8/31/2006 9:43:06 PM #
:-(lol)
A we-com virtual wallet will help with your comment. Thanks for the we_tellurian now i am accused of breaking more rules. E-T
Security a two way streetwe_tellurian @ 8/31/2006 1:34:09 PM #
The data sent to an enterprise is as vulnerable has that stored upon any digital device. If we are going to focus on one then we must focus on the other. Temptation is what is is. We see value in the development of a we-com virtual wallet. The development of such choices between nations that have shared thoughts for a prototype is logical. New hardware will be needed to offer secure FI choices. If US222 billion and CAN $250,000,000 did not occur we would have more choices. Either way we have more choices now more purpose too. Peace, E-T RE: Security a two way street
sorry for asking... but who the heck is this "we_tellurian"? Someone posting from their Treo mounted in their flying saucer parked at Area 51 or something?
Much of this thread is unreadable to those of us who are hesitating on your kool-aid party.
Used PDAs and Smartphones Pose Data Risk
I mentioned this in the forums yesterday!
|
Special Deals
Palm Reading? |
||||
PalmInfocenter.com is not affiliated with or endorsed by Palm Inc, Access or PalmSource in any way.
Any use of the word Palm is for discussion purposes and is a registered trademark of Palm Inc.
Unauthorized reproduction of content is strictly forbidden.
© MobileInfocenter.com, all rights reserved.
The analysis highlighted the vulnerability of individuals and organizations that fail to secure the data on their smartphones and PDAs. Loss or theft of the devices could lead to embarrassment, major breaches of corporate security, or even blackmail.
i love this app for the protection of my data:
http://linkesoft.com/secret/palm.html