News

Android Factory Reset Fails to Wipe All User Data

Researchers at Cambridge University have uncovered a critical vulnerability in Google’s Android OS. Over 500 million Android devices have a flawed implementation of the factory reset feature, leaving user data vulnerable. This weakness allows an attacker to access login credentials, contacts, emails, text messages and other information on the device even after the factory reset has done its wipe.

In determining the vulnerability, 21 devices were tested with Android versions spanning 2.3-4.3 from 5 different manufacturers. Each device had some old data that was recoverable and in 80% of cases, the master token, used to communicate with Google, was retrieved. Obtaining the token allowed the researchers to sync with Google servers for contacts, Gmail and Google Calendar. Tokens for other apps like Facebook were also retrieved after the reset.

The vulnerability arises from a number of factors. One of these is that the manufacturer, in creating their Android build, failed to supply the proper drivers to ensure the flash memory was wiped. Another factor is the inability of the OS to access all parts of storage due to the file system and flash controller. This is a factor inherent in how flash storage currently works, with the OS seeing less storage space than is actually being used by the device. More troubling is that full disk encryption  fails to protect data as the decryption key is not wiped, allowing an attacker to first break the decryption key, then proceed to decrypt the device and it’s less than deleted contents.

Factory Reset is a critical function built into Android itself. It’s used when the phone is being retired, recycled or being resold as a way to prevent sensitive information from being passed on. The fact that such an important built-in function is so broken is troubling. It also raises issues with Android remote wiping function which likely has become less useful due to this vulnerability. For now, the only way to ensure security is to wipe storage repeatedly in hopes that all space will eventually get wiped or physical destruction of the device.

Samuel Wan

Samuel joined eTeknix in 2015 after becoming engrossed in technology and PC hardware. With his passion for gaming and hardware, tech writing was the logical step to share the latest news with the world. When he’s not busy dreaming about the latest hardware, he enjoys gaming, music, camping and reading.

Disqus Comments Loading...

Recent Posts

Nvidia’s GeForce RTX 5090 Possible Price Revealed

According to a new report, the GeForce RTX 5090 GPU will be very expensive. It…

10 hours ago

AMD Krackan Processor with 6 Zen 5 and Zen 5c Cores for Budget AI Laptops Leaked

A new AMD processor in the form of an engineering model has been leaked in…

10 hours ago

SK Hynix Begins Production of First 321-Layer NAND Chips

SK Hynix has claimed to be the first company to mass-produce 321-layer NAND memory chips.…

10 hours ago

Trust Gaming GXT 609 Zoxa 2.0 PC Speakers

SOUNDS GREAT – Full stereo sound (12W peak power) gives your setup a booming audio…

15 hours ago

PowerA Wired Controller for Nintendo Switch

Special Edition Yoshi design Ergonomic controller shape with Nintendo Switch button layout Detachable 10ft (3m)…

15 hours ago

Logitech G Saitek PRO Flight Rudder Pedals

Fluid Motion: These flight rudder pedals are smooth and accurate that enable precise control over…

15 hours ago