Shostack + Friends Blog Archive


Mangle those cell phones?

OK. Right off I am *not* advocating physical destruction of old recycled cell phones. This post (Mangle those hard drives!) at my primary security blog, ThreatChaos, got a lot of reactions when I suggested that physical destruction of hard drives was the best policy in lieu of a well managed data wiping process. That was sparked by the news that computers being re-sold in Nigeria were being used to harvest bank account information which was then sold to attackers.
Now, Trust Digital has demonstrated that most phones are not properly scrubbed before being offered for sale on eBay. They purchased ten cell phones and proceeded to extract all sorts of data from them. Read the whole story from the Associated Press article. There is a great quote from Howard Schmidt who types his password incorrectly 11 times to cause his cell phone to self destruct. Of course Trust Digital was demonstrating the need for their products which are justified in the corporate world.
For personal protection? I would mangle the flash memory of all un-needed cell phones. Incinerate? Acid bath? Microwave? All good. But unless you are worried about the NSA recovering your info I would just take it out to the garage and whack it with a hammer on your anvil. Don’t have an anvil? I can lend you one of mine. 🙂
Can’t get the flash memory out of the phone? Hit the phone with a hammer until you can find the chip. Then proceed to instruction 1. above. (Always wear safety goggles when hitting things with hammers).

6 comments on "Mangle those cell phones?"

Comments are closed.