News

Android Factory Reset Fails to Wipe All User Data

Researchers at Cambridge University have uncovered a critical vulnerability in Google’s Android OS. Over 500 million Android devices have a flawed implementation of the factory reset feature, leaving user data vulnerable. This weakness allows an attacker to access login credentials, contacts, emails, text messages and other information on the device even after the factory reset has done its wipe.

In determining the vulnerability, 21 devices were tested with Android versions spanning 2.3-4.3 from 5 different manufacturers. Each device had some old data that was recoverable and in 80% of cases, the master token, used to communicate with Google, was retrieved. Obtaining the token allowed the researchers to sync with Google servers for contacts, Gmail and Google Calendar. Tokens for other apps like Facebook were also retrieved after the reset.

The vulnerability arises from a number of factors. One of these is that the manufacturer, in creating their Android build, failed to supply the proper drivers to ensure the flash memory was wiped. Another factor is the inability of the OS to access all parts of storage due to the file system and flash controller. This is a factor inherent in how flash storage currently works, with the OS seeing less storage space than is actually being used by the device. More troubling is that full disk encryption  fails to protect data as the decryption key is not wiped, allowing an attacker to first break the decryption key, then proceed to decrypt the device and it’s less than deleted contents.

Factory Reset is a critical function built into Android itself. It’s used when the phone is being retired, recycled or being resold as a way to prevent sensitive information from being passed on. The fact that such an important built-in function is so broken is troubling. It also raises issues with Android remote wiping function which likely has become less useful due to this vulnerability. For now, the only way to ensure security is to wipe storage repeatedly in hopes that all space will eventually get wiped or physical destruction of the device.

Samuel Wan

Samuel joined eTeknix in 2015 after becoming engrossed in technology and PC hardware. With his passion for gaming and hardware, tech writing was the logical step to share the latest news with the world. When he’s not busy dreaming about the latest hardware, he enjoys gaming, music, camping and reading.

Disqus Comments Loading...

Recent Posts

Still Wakes the Deep 

LIVE THE HORROR: An immersive disaster story aboard a stunningly realised North Sea oil rig,…

1 hour ago

PHILIPS 275V8LA – 27 Inch QHD Monitor

The Philips VA LED display uses an advanced multi-domain vertical alignment technology that gives you…

1 hour ago

EPOMAKER Ajazz AK820 Pro 75% Gasket-mounted Mechanical Keyboard 

【TFT Screen: The Interactive Interface】This 75% mechanical keyboard comes equipped with a TFT Screen, serving…

1 hour ago

Funko Fusion

FANDOM FUSION Play as your favorite characters and wield their unique weapons and skills. Team…

1 hour ago

Shin Megami Tensei V: Vengeance Standard Edition

The Definitive Version of Shin Megami Tensei V - Fully evolved with stunning visuals for…

1 hour ago

Hand Warmers Rechargeable 2 Pack

【Unique Split Design】5200mAh hand warmers rechargeable together with double-sided heating function, split snap swivel design,…

1 hour ago