Personal data retrieved from encrypted phones

Monday 28 April 2014 21.56
A range of devices and operating systems were tested by the Deloitte experts
A range of devices and operating systems were tested by the Deloitte experts

A whole range of personal information can be retrieved from lost or stolen smartphones, even when they are encrypted, passcode-protected or have been reset.

That is according to new research carried out by a team of forensic experts at Deloitte.

They found identities, PPS numbers, PayPal login details and emails could be retrieved from a range of smartphones and other devices.

Around 12,000 phones are stolen in Ireland each year. Many more are lost or sold legitimately in the second-hand market.

The study was carried out to see what information might be retrieved by someone who got their hands on a phone or tablet in such circumstances.

A range of devices and operating systems were tested.

In a scenario replicating the theft of phones that were passcode protected, and in some cases encrypted, the team retrieved owner identities, email addresses, contacts, passwords and PPS numbers stored as SMS messages.

They managed to retrieve a similar range of personal data when they examined phones whose memories had been erased using the factory reset function.

Deloitte said the results show the need for organisations and individuals to protect their data and maximise privacy.

Simple steps include using a passcode and encryption where available, activating remote wiping in the event of loss and disposing of old phones carefully.