SD cards are one of the most popular storage solutions for personal usage, especially for mobile devices. These storage devices are cheap, small, fast and compatible with almost all the devices in the market. SD cards are also gaining more and more storage capacity. There are 2 ways of obtaining a memory card – buying a new one or getting a second-hand SD card.
According to a recent study conducted by academics from the University of Hertfordshire in the UK, these second-hand SD cards contain enough personal data from their past users. The study was performed on 100 random second-hand SD cards purchased from eBay and other auctions, second-hand shops etc. over a period of 4 months.
Memory card holds data
Before we dive more about the security concerns, let’s have a short description how memory works. The memory holds data in the storage and the OS keeps a record of the data in a database. Whenever you delete any file/folder from the storage, the data is still in there. The OS simply forgets about the presence of that data and overwrites those data with newer data over time. This process is followed in almost every single storage devices.
For getting rid of that, the only way is to either wipe the storage or overwrite all the existing data with garbage data. There are a number of apps to do that.
Researchers recovering data from SD cards
The memory cards the researchers collected did contain all those abandoned data. As the past owners forgot to erase those properly, using a good data recovery software, those data were recovered easily. According to the researchers, these memory cards were used in smartphones, tablets, cameras, SatNav systems and even drones.
The researchers created bit-by-bit image of the SD cards and used freely available software to recover the data. The attempts were successful and revealed a lot of information like photos, passport copies, contact lists, resumes, browsing history and other personal document.
People not wiping their devices properly
Like we discussed earlier, this situation is because the users didn’t wipe their device properly before selling those to others. According to Paul Bischoff, Privacy Advocate for Comparitech.com, also accuses people for the same reason. Comparitech.com is the company that commissioned the study.
Bischoff also added that simply deleting the file only removes the reference point to the file, not the original bit-by-bit data. That remains on the card until overwritten by other 1 and 0.
It’s also noteworthy that there are a number of software including free ones that anyone can use for properly wiping the device. These software can overwrite the data with random information. The data lose is irreversible and thus, privacy is secured.
The same problem persisted in the past as well. There were similar researchers back in 2012 where the UK’s Information Commissioner’s Office (ICO) revealed that around 10% second hand hard drives contained data from previous owners. Another study in 2015 also showed that three-quarters of used hard drives contained user data.