A Project with DePaul University and McAfee, Part of Intel Security
In attempts to be more cost conscious and stretch limited resources, businesses may look to purchase second-hand office equipment, such as used laptops, tablets and mobile phones. On average, businesses spend nearly double purchasing new tech devices versus if they bought used. Buying used equipment can provide huge savings to a small business, but in order for the savings to be worth it precautionary measures need to be taken to protect their business and customers.
Inherent risks exist for both the buyers and sellers in these situations. When selling or recycling used devices, businesses need to make sure all data has been properly wiped. If the device gets into the wrong hands, businesses could expose priceless intellectual property, personal identifiable information or other confidential data. Business owners buying used technology need to ask – is there residual malware or other harmful software on the device that could negatively affect my business? Is the equipment going to be in the condition that the seller claims?
With these questions in mind, research was conducted by DePaul University students with equipment purchased by McAfee, part of Intel Security, from various online retailers, such as Amazon Marketplace and eBay. The goal of the research project was to identify potential security risks for businesses when buying or selling used, recycled or refurbished devices. By finding vulnerable data from previous users and making recommendations on how businesses should properly secure second-hand equipment, this report looks to raise awareness on how to protect your personal and business data from unauthorized access and use.
The students and researchers at DePaul University found sensitive, personal information on the used tablet devices the most, followed by laptops. The mobile phones tended to be clean since they are typically easier to wipe with a simple factory reset.
Key Findings of DePaul Research
- Mobile phones are not as vulnerable as laptops and tablets because they can be reset to their factory settings with a few simple swipes.
- Laptops and tablets proved to have the most recoverable data in this project, possibly due to the multitude of tasks performed on these devices and the several steps needed to access and reset factory settings.
- Researchers were able to extract web history information from the used laptops, such as: eBay listings visited, search queries in Google and YouTube, Facebook pictures, Facebook chat messages, Facebook status updates and wall posts, as well as Internet Explorer cookies
- Researchers found that tablets contained the most residual, sensitive data, such as: Amazon, Apple, eBay and Gmail user-names and passwords and more than 3,500 previously deleted photos
Let’s have DePaul professor, Steve Hunt, and his students give an overview of the project in this video: