How do you sell a phone without giving away the data on it? If you've used a phone even briefly, it's filled with all kinds of sensitive data, including passwords and login tokens alongside personal texts and photos, all of which need to be erased before you can safely put the phone up for sale. The standard answer is a factory reset, which wipes the memory and restores the phone's settings, but there's a growing body of evidence that, for Android phones at least, the factory reset isn't enough.
A study published last week revealed methods that can dig up incredibly sensitive data from supposedly wiped phones, including the login token used to sign into Google accounts. The core of the problem is flash memory, which limits how often a given block of memory can be overwritten. As a result, a factory reset will often designate data as logically deleted (that is, available to be overwritten) without actually overwriting it, so as to prolong the life of the flash storage. Using a variety of database recovery tools, two Cambridge researchers were able to scan the wiped phones for portions of the storage that had been designated as logically empty, recovering photos, passwords, and chat logs. In theory, the factory reset is supposed to wipe all that data, but thanks to the quirks of flash memory, it wasn't being wiped all the way.
Those flash memory issues aren't new, but combined with the way mobile apps handle logins, they have serious consequences for Android users. Once you've logged into a mobile app, the phone preserves that login with a local authentication token — essentially a password that only your phone sees. If that token falls into the wrong hands, attackers can use it to log in, just like a stolen password. Since those tokens all live in the memory of the phone, they're a prime target for thieves — and if the factory reset doesn't erase them, thieves could use those tokens to compromise every app on your phone.
The quick fix for this is simple: encrypt the data on your phone before you get rid of it. (You can find the option at Settings > Security > Encrypt Phone, for any Android version since 3.0.) Adrian Ludwig, the lead engineer for Android security, recommended preemptive disk encryption for anyone giving up their phone. "If you plan to resell or discard your device and you haven’t already, encrypt it and then perform a factory reset," Ludwig said, when asked for comment on the Cambridge paper. If the phone's hard drive is encrypted, any unerased data will be scrambled and effectively useless. Disk encryption mostly protects against attackers with physical access to your device, so it's often overlooked in favor of network-based security measures like two-factor authentication — but for this attack, it's the single most important protection you can have. It's not complete protection, since it's possible to use brute force to crack the simpler disk-encryption passwords, but the more complex a password you choose, the more difficult and expensive it will be for attackers to break through.
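To make the two halves of the argument concrete, here is an added toy simulation (not code from the article or from the Cambridge researchers): a flash-like store whose "factory reset" only clears the allocation map, a carver that scans the raw cells for a login-token pattern, and the same scenario with the data encrypted before the reset. The block size, token format, and the HMAC-counter keystream are constructed for illustration and are not a real flash geometry, Google token format, or Android's disk cipher.

```python
import hashlib
import hmac
import re
import secrets

BLOCK = 64  # constructed toy block size, not a real flash geometry


class FlashStore:
    """Toy flash store: a reset marks blocks free but never rewrites the cells,
    which is the wear-saving behaviour that leaves data logically deleted."""

    def __init__(self, blocks=8):
        self.blocks = [bytes(BLOCK) for _ in range(blocks)]
        self.allocated = [False] * blocks

    def write(self, data: bytes) -> None:
        for i, off in enumerate(range(0, len(data), BLOCK)):
            self.blocks[i] = data[off:off + BLOCK].ljust(BLOCK, b"\0")
            self.allocated[i] = True

    def factory_reset(self) -> None:
        # Only the allocation map is cleared; every cell keeps its old bytes.
        self.allocated = [False] * len(self.blocks)

    def raw_image(self) -> bytes:
        # What a recovery tool reads: every cell, allocated or not.
        return b"".join(self.blocks)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Illustrative stream cipher: HMAC-SHA256 in counter mode as the keystream.
    out = bytearray()
    for ctr in range(0, len(data), 32):
        ks = hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[ctr:ctr + 32], ks))
    return bytes(out)


TOKEN_RE = re.compile(rb"oauth_token=[A-Za-z0-9._-]+")  # constructed pattern


def carve_tokens(image: bytes) -> list:
    """Pattern carving over the raw image, ignoring the allocation map."""
    return TOKEN_RE.findall(image)


def demo(encrypt: bool) -> list:
    record = b"user=alice@example.com;oauth_token=ya29.CONSTRUCTED_SAMPLE_TOKEN;"
    key = secrets.token_bytes(32)  # constructed per-device key
    store = FlashStore()
    store.write(keystream_xor(key, record) if encrypt else record)
    store.factory_reset()
    del key  # the reset discards the key; leftover ciphertext is just noise
    return carve_tokens(store.raw_image())
```

Run `demo(False)` to see the token carved straight out of the "wiped" image, and `demo(True)` to see the carver come back empty once the cells hold only ciphertext.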
Disk encryption is also why, for the most part, iPhones are already protected. iPhones use the same solid-state memory as Android phones, but iOS devices have provided full disk encryption since 2009, when iOS 3.0 was deployed. More importantly, that encryption is supported by Apple's own hardware. Today's iPhones have a co-processor devoted entirely to security measures, known as the Secure Enclave, which manages keys and performs the grunt work of actually decrypting the data. In theory it would be possible to recover scraps of encrypted data and decrypt it through brute force, but it's a risky and difficult process, enough to scare off all but the most determined attackers.
That's why, when security companies dive into the problems with factory resets, they generally pick on Android rather than iOS. When the security company Avast tried to dig up data from 20 wiped Android phones last year, they were able to search for specific patterns that would indicate photos, texts, or other sensitive data, resulting in 250 nude male selfies. But the iPhone's encryption scrambles those patterns, leaving researchers back at square one. "iOS forensics is much harder to do than Android, as you have to deal with encryption," said Jaromír Hořejší, a researcher at Avast. "You might be lucky to recover the key to unlock the encrypted files, but the key may or may not work as the encryption algorithm is not public."
Google built similar protections into the Nexus 6 and 9, but providing that level of security across Android has proved significantly more difficult, despite substantial support in the codebase. Encrypting the entire file system means the phone has to actively decrypt any data it wants to use, which can seriously hurt performance if the phone doesn't have enough processing power. The iPhone solves that with a dedicated co-processor, but setting aside that computing power is expensive, and many cheaper Android phones simply aren't equipped for it. Google had initially planned to make full disk encryption a default setting in Lollipop, but backed off the promise earlier this year when the performance issues proved too difficult to overcome. That's less of an issue if you're encrypting the phone before a factory reset, but when a phone is lost or stolen, the default setting can be the only thing keeping your data safe.
It's a classic security quagmire, playing off the intersection of hardware vendors, application security, and Android at large, with no easy solution from any angle. The good news for users is that harvesting data from factory-reset hard drives is slow work, and most of what’s recovered is low-value data like texts and contact lists. For now, criminals seem to have decided it's not worth the trouble. The Cambridge researchers have also been working with Google to plug up the security holes from the Android side, so hopefully the attacks will become even more daunting as time goes on. "It's good to see the improvement in Android 5.0," said Ross Anderson, one of the Cambridge researchers. "We hope that phone resellers will take appropriate procedural measures to manage the residual risk."