Android Factory Reset Fails to Wipe All User Data

Researchers at Cambridge University have uncovered a critical vulnerability in Google’s Android OS. Over 500 million Android devices have a flawed implementation of the factory reset feature, leaving user data vulnerable. This weakness allows an attacker to access login credentials, contacts, emails, text messages and other information on the device even after the factory reset has done its wipe.

To assess the vulnerability, the researchers tested 21 devices from 5 different manufacturers, running Android versions spanning 2.3-4.3. Each device had some old data that was recoverable and, in 80% of cases, the master token used to communicate with Google was retrieved. Obtaining the token allowed the researchers to sync with Google servers for contacts, Gmail and Google Calendar. Tokens for other apps like Facebook were also retrieved after the reset.

The vulnerability arises from a number of factors. One of these is that the manufacturer, in creating their Android build, failed to supply the proper drivers to ensure the flash memory was wiped. Another factor is the inability of the OS to access all parts of storage due to the file system and flash controller. This is inherent in how flash storage currently works, with the OS seeing less storage space than is actually being used by the device. More troubling is that full disk encryption fails to protect data because the decryption key is not wiped, allowing an attacker to first break the decryption key, then proceed to decrypt the device and its less-than-deleted contents.

Factory Reset is a critical function built into Android itself. It's used when the phone is being retired, recycled or resold, as a way to prevent sensitive information from being passed on. The fact that such an important built-in function is so broken is troubling. It also raises issues with Android's remote wiping function, which has likely become less useful due to this vulnerability. For now, the only ways to ensure security are to wipe storage repeatedly in hopes that all space will eventually get wiped, or to physically destroy the device.
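The flash-controller factor and the "wipe repeatedly" advice above can be seen in a toy model. This is an added example, not code from the Cambridge research or from Android: `ToyFlash`, its page counts, the round-robin placement and the token string are all constructed assumptions, and real controllers place writes less predictably, so the number of passes needed on a real device is not guaranteed.

```python
class ToyFlash:
    """Simplified flash translation layer: the OS addresses `logical` pages,
    while the chip holds more `physical` pages (over-provisioning)."""

    def __init__(self, logical=8, physical=12):
        self.logical = logical
        self.phys = [b""] * physical   # raw contents of every physical page
        self.map = {}                  # logical page -> physical page
        self.cursor = 0                # round-robin write position

    def write(self, lpn, data):
        if not 0 <= lpn < self.logical:
            raise IndexError("logical page out of range")
        # Flash is not overwritten in place: pick the next page that holds no
        # live mapping, write there, and only then drop the old mapping.
        live = set(self.map.values())
        while self.cursor in live:
            self.cursor = (self.cursor + 1) % len(self.phys)
        self.phys[self.cursor] = data
        self.map[lpn] = self.cursor    # old page is unmapped, not erased
        self.cursor = (self.cursor + 1) % len(self.phys)

    def os_view(self):
        """What the OS (and a logical wipe verifier) can read."""
        return [self.phys[self.map[l]] for l in sorted(self.map)]

    def raw_dump(self):
        """What reading the chip directly returns."""
        return list(self.phys)

def wipe_pass(flash):
    """One 'factory reset' pass: overwrite every logical page with zeros."""
    for lpn in range(flash.logical):
        flash.write(lpn, b"\x00")

def residue(flash, secret):
    """Physical pages that still contain the secret."""
    return [i for i, page in enumerate(flash.raw_dump()) if secret in page]

def demo():
    flash, secret = ToyFlash(), b"CONSTRUCTED-TOKEN"   # constructed sample data
    for lpn in range(flash.logical):
        flash.write(lpn, secret if lpn == 5 else b"user-data-%d" % lpn)
    results = []
    for _ in range(2):
        wipe_pass(flash)
        visible = secret in b"".join(flash.os_view())
        results.append((visible, residue(flash, secret)))
    return results

if __name__ == "__main__":
    print(demo())
```

After the first pass the OS sees only zeros while the token is still present in an unmapped physical page; in this model it takes a second pass before the stale page is reused.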

Samuel Wan

Samuel joined eTeknix in 2015 after becoming engrossed in technology and PC hardware. With his passion for gaming and hardware, tech writing was the logical step to share the latest news with the world. When he’s not busy dreaming about the latest hardware, he enjoys gaming, music, camping and reading.
