Don't hand over that old Android...

Started by deanwebb, May 22, 2015, 09:47:40 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

deanwebb

May 22, 2015, 09:47:40 AM Last Edit: May 22, 2015, 09:51:12 AM by deanwebb
https://threatpost.com/shoddy-android-factory-reset-exposes-private-data-encryption-keys/112979

Best to just melt it down yourself. If you have a friend that cooks meth, you can go to his cook site to dispose of the toxic waste resulting from your personal Android device decomming.

But seriously folks, this is a big deal. This is why I do NOT have my banking or other money handling apps memorize my passwords. Or at least I *try* to remember to not have them memorize my passwords. Not gonna turn in my phone, ever, until this factory reset thing gets good and fixed, which it SHOULD be in 5.0, which I'm running, but, well... now I'm more paranoid than usual.

Maybe I should put a GPS tracker on my Android when I turn it in so that if the guy that gets my phone compromises my information, I can put a geolocator block on his access and then get a buddy at a carrier to re-route his traffic to NULL and, uh... um... or I could just change all my passwords when I get a new phone and hope that I didn't miss any. :doh:
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Nerm

#1
May 22, 2015, 10:06:56 AM
I never did trade in's before and I am definitely not doing it now lol.

dlots

#2
May 22, 2015, 12:55:05 PM
I use lastpass and that seems to be fairly good so far, your encrypted (so owners of the system can't see them) passwords are stored online, I have a secondary authentication setup so even if my password gets out I should still be good, and I can see everywhere I have a password, my passwords become much more complex, and they are diffrent for every site

wintermute000

#3
May 23, 2015, 08:17:47 PM
I've sold every single android phone I've ever had when I upgrade... good thing my buyers are all just normal users, not malicious identity harvesters lol.

Still, at the price of a used phone, its probably economics that hasn't turned this into a major attack vector. (you can probably buy thousands of credit card numbers etc. off the darknet instead of a single lousy phone for the same price)

I have separate passwords for dropbox, gmail, banking, shares and paypass, none of them are written down. dropbox, gmail and banking have 2 factor on top.
My only vulnerability I think is if they can retrieve tokens they may be able to log back into google without invoking the 2 factor.

AnthonyC

#4
May 25, 2015, 02:08:58 PM
The state of security is in a perpetual sorry state when I can't even get 2 factors authentication for my banks.
"It can also be argued that DNA is nothing more than a program designed to preserve itself. Life has become more complex in the overwhelming sea of information. And life, when organized into species, relies upon genes to be its memory system."
Print
Go Up Pages1
User actions