Complex Made Simple

High alert: Selling your Smartphone will put you at risk

* Improperly disposing old handsets leaves users vulnerable to cyber threats

* Data that may include information about households, workplace, contacts, personal photos, emails and passwords is exposed to risk

* Data can be used for phishing and other kinds of cyber attacks

You probably change your mobile handsets quite often – as many in the Middle East do. So what do you do with your old smartphones…sell them? If you do, there are potential cyber risks waiting for you.

Improperly disposing old mobile phones could leave users vulnerable to data theft and other cyber threats, warns US-based information security firm SANS Institute.

Multiple threats

The Middle East has one of the highest smartphone penetration rates with Saudi Arabia and the UAE leading the markets across the globe. When major smartphone makers launch their new flagship models, many consumers sell their old devices and they tend to forget or overlook the dangerous security outcome of their actions.

“Today, mobile devices store far more sensitive data than users realise, often more than their personal computers,” says Ned Baltagi, Managing Director, Middle East & Africa at SANS.

This includes information about the user’s household and workplace, contacts, personal photos, emails and passwords.

“Even a few leaked details can leave users vulnerable to social engineering and phishing attacks which open the floodgates to even more malicious and damaging attacks such as identify theft, and cyber fraud,” adds Baltagi.

Here are a few tips from SANS to prevent data theft:

Wiping the Smartphone

Regardless of how you dispose of your old smartphone, such as donating it, exchanging it for a new one, giving it to another family member, reselling it, or even throwing it out, you need to first make sure that you erase all the sensitive data.

Simply deleting data will not help as there are many tools readily available on the internet which can recover this data. Instead, users need to ‘wipe’ their phones- a process that involves not only deleting the stored information but overwriting it, often multiple times, thus rendering it unrecoverable.

An easy way to wipe data from a smartphone is to use the phone’s inbuilt ‘factory-reset’ feature. While this works effectively for the iOS and Android operating systems, it is not effective for Windows phones. Also, for this to be effective, it is important to first encrypt the phone before running the factory reset as this ensure that the data is unreadable once restored to factory settings.

SIMs and external memory cards

In addition to storing data on the device itself, smartphones tend to save some information on the SIM. Unlike the phone’s internal storage, a factory reset does not wipe data from the SIM. Often, when moving from one device to a newer model, due to size differences, or the need to change the mobile number, users need to purchase a new SIM card. Likewise, consumers get their external memory cards while leaving the old ones lie around. These will certainly invite the danger of data theft. In such scenarios, it is best to physically shred or destroy the old SIM and memory cards to prevent them from being reused.

Beware, more than 2.5 million consumers in the UAE alone have been victims of online crimes in 2016, as figures from cyber-security global firm Symantec show.