Usually, when you reset an Android device or any device back to its factory settings, you expect to lose all content and data on it. Well, apparently there’s a new bug that makes the Tesco Hudl slate vulnerable to recovery of data caused by a bug in the CPU.
In a few cases, the reset just removed the list of where data was stored, while everything else was left intact. The Tesco Hudl has a flaw that lets attackers reach data saved on onboard memory. The investigations involved second hand devices, that were sold on auction sites, like eBay. BBC and security expert Ken Munro lead the investigation and tested 10 Hudl tablets from the auction site, finding them vulnerable.
The problem is caused by a Rockchip processor apparently and it seems that all modern gadgets can be put into a flash mode, so the onboard firmware can be updated and data written on the device. Even personal photos were recovered from presumably formatted and reset slates, which is a major privacy concern. The firmware is flawed and that’s what’s causing the problem. The firmware allows you to read from it as well as write.
What’s worse is that the expert was able to easily extract Pin codes to unlock devices, WiFi keys, cookies and other data related to sign in. Tesco said that customers should always make sure that they delete all data when giving away or selling a mobile device. Recent studies have also shown that even Apple products are vulnerable to recovery, as undisclosed features in the iOS platform bypass data encryption and allow information extraction.
Does this put second hand device sales at risk?