If you think you can makes some cash selling your old cell phone, you might want to put privacy before profit. An informal experiment by the Local 6 consumer team found that sellers are failing to erase personal data before handing over their devices to strangers.
Local 6 purchased six used cell phones online and from area stores. More than half of them contained personal information from previous owners.
"Given how easy it is to erase your phone completely, it surprises me that there is the amount of personal data left over that we found," said David Reiff, co-owner of uBreakiFix, a chain of repair shops that specializes in smartphones and other electronic devices.
On a used Pantech phone, the experts at uBreakiFix found a whole diary of text messages.
"You can see the messages," said Lucas Andrews. "We can go right through them if you want to. We can go right through the previous messages to their contacts."
The contacts on the Pantech contained a mix of phone numbers, email, Facebook and Twitter accounts.
Andrews also discovered that the phone was still running the previous owner's data plan.
"What we noticed in trying to check his email is that it activated his 3G antenna, which means this phone is still getting data at the current moment," he said. Andrews explained that any buyer of the Pantech could use the seller's data plan and rack up charges that would be billed back to the seller.
Reiff warned that a buyer with sinister intentions could easily destroy the seller's mobile life by simply sending malicious messages to the seller's contacts. The vulnerabilities, he said, could be avoided if sellers reset their phones before offering them to strangers.
The Pantech could not be reset, however, even by the team at uBreakiFix.
"The irony is we cannot actually do it because when the phone was set up [by the previous owner] it was set up with a password," said Andrews. "To reset it, you're going to need that password, and the only one who is going to have it is the one who sold us the phone."
The Local 6 consumer team also purchased a used Blackberry Curve. The seller, apparently, failed to reset the device, as well.
"This person has a lot of friends and a lot of people he did not delete," said Andrews.
Nor did the seller clear the browser history. It was easy to look at intimate Facebook posts and other personal information. Andrews also discovered the seller's wifi networks saved on the device.
"So if they have a home network, say, family with all their computers synched to that, we now have access through this phone," he said. That access, he said, could reveal bank records, loans or mortgage transactions, social security numbers, and other private financial data.
Reiff warns sellers that the only defense is a complete reset of the phone.
"It's very easy to factory reset, to completely wipe phones these days. It's a feature in settings," he said.
That may seem obvious, but three out of the six phones purchased by Local 6 were not reset. Only one device was completely wiped clean. The other two phones died just days after purchase, which may a serve as a warning to buyers, as well.