Lesson learned? Most used memory cards contain data when sold
A recent study by researchers at the University of Hertfordshire into the implications of selling used memory cards revealed that about two-thirds still contain data from previous owners.
The researchers bought one hundred memory cards over the course of four months on various platforms, including eBay and second-hand shops, and were able to recover personal data on two-thirds of them.
Personal data found on the memory cards included IDs, contact lists, selfies and intimate photos, resumes, browsing history, passport copies, and pornography.
Only 25 of the 100 cards were wiped properly so that no data could be recovered from these devices. A total of 36 devices were not wiped or formatted at all and 29 were formatted but data could still be recovered by the researchers. The remaining memory cards did not work, had no data present, or had data deleted manually (which meant it could be recovered).
Data that buyers recover from used memory cards or hard drives can result in all kinds of issues for the previous owner. Possibilities include identity theft and impersonation, blackmail, or sharing of personal photos online.
Most memory cards were used in smartphones and tablets, but some were used in digital cameras, drones, or navigational systems.
No change in the past 10 years?
Techradar ran a similar story back in 2008. The company bought used hard drives from marketplaces like eBay and concluded that 66% of them were not properly erased so that data could be recovered.
While Techradar did not reveal the types of data that it recovered from these drives, it likely included personal data such as documents and photos as well.
Is it a coincidence that the recovery rate has not gone down between 2008 and 2018?
Avast analyzed used smartphones in 2014 and found all kinds of personal data on them. The data included more than 40,000 photos including nude photos and photos of children, email and text messages, loan applications, contact names, and more.
What is the reason?
If you take the findings of the University's memory card research, you will notice that only a quarter of users used wiping tools to erase the data on the cards properly. While the number may change if you increase the sample size, it is clear that many users don't seem to be aware of the dangers.
One reason for that is that devices come without instructions to properly erase data. While you find articles on my site and others on the topic, it is necessary that users are aware of the issue and implications to even search for it.
Over a third of devices were formatted by their previous owners. While these owners knew that they had to do something about the data on the drive before selling the memory card, they did not know that formatting, especially quick formatting, does not delete data sufficiently.
What can you do about it?
It is important that users get educated about the dangers of selling used storage devices online. There are a couple of things that users can do to make sure data cannot be recovered.
Probably the best option is to keep the storage devices and not sell them in the first place. It is clear that this may not always be possible, for example when you need the money from the sale.
The second best option in my opinion is to encrypt the entire storage device and format it afterward.
Assuming that you can connect the memory card or storage device to your PC:
Option 1: using command line tool cipher
- Open the Start menu.
- Type cmd.exe.
- Right-click on the cmd.exe item in the results list, and select run as administrator from the context menu.
- Open Windows Explorer, and check the drive letter of the memory card / hard drive you want to erase data on properly.
- Make sure you replace D on the next line with the actual drive letter.
- Type cipher /w:D:
- Wait for the process to complete.
Cipher's /w option commands the tool to wipe the location. The tool has three passes: 1) replace all data with 1's, 2) replace all data with 0's, 3) replace all data with random numbers.
Option 2: using encryption software VeraCrypt
- Download and install the free encryption software VeraCrypt.
- Select "create volume" when you start VeraCrypt.
- Select "Encrypt a non-system partition/drive" in the VeraCrypt Volume Creation Wizard window and click next.
- Confirm the UAC prompt.
- Select next when asked to select a volume type.
- Click on select device and pick the memory card that you want to erase data on completely so that it cannot be recovered.
- Double-check to make sure you have selected the right drive.
- Select "create encrypted volume and format it", and select next.
- On the encryption options page, select next.
- On the volume size page, select next.
- Type a password. Make sure it is secure but note that you don't need it after the creation. Select next.
- Select no when asked whether you want to store large files on the drive.
- Move your mouse around and hit format on the volume format page. Confirm the erase prompt if it is displayed.
- Follow the prompts to complete the process.
After the encryption / erasing
After you have run one of the operations explained above, you may want to check whether recovery software can still recover data from the drive.
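A first-pass check of that kind, as an added example that is not part of the original article: it reads a raw image of the card sector by sector, flags leftover file headers, and sorts sectors into constant fill, random-looking, and structured data. The signature list, the 7.0 entropy threshold, the assumption that file contents start on sector boundaries, and both sample images are constructed for illustration.

```python
import hashlib
import io
import math
from collections import Counter

SECTOR = 512
# Magic bytes of file types like those the study recovered (photos, documents).
SIGNATURES = {b"\xff\xd8\xff": "JPEG", b"%PDF-": "PDF",
              b"PK\x03\x04": "ZIP/Office", b"\x89PNG\r\n\x1a\n": "PNG"}


def entropy(data):
    """Shannon entropy in bits per byte: 0 for a constant fill, near 8 for random."""
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())


def audit_image(stream):
    """Classify every sector of a raw image and list leftover file headers."""
    report = {"constant": 0, "random": 0, "structured": 0, "hits": []}
    while sector := stream.read(SECTOR):
        for magic, name in SIGNATURES.items():
            if sector.startswith(magic):  # assumption: files start on sector boundaries
                report["hits"].append((stream.tell() - len(sector), name))
        if len(set(sector)) == 1:
            report["constant"] += 1    # one repeated byte, e.g. a zero or one fill
        elif entropy(sector) > 7.0:
            report["random"] += 1      # random pass, ciphertext or compressed data
        else:
            report["structured"] += 1  # text, file system metadata, old records
    return report


def pseudo_random(n):
    """Deterministic stand-in for a random overwrite pass (constructed test data)."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32))


def constructed_samples():
    """Two constructed images: a quick-formatted card and a randomly overwritten one."""
    boot = b"\xeb\x3c\x90MSDOS5.0".ljust(SECTOR, b"\x00")           # fresh boot sector
    photo = (b"\xff\xd8\xff\xe0" + pseudo_random(SECTOR))[:SECTOR]  # old JPEG, untouched
    resume = (b"Curriculum vitae - constructed sample text. " * 12)[:SECTOR]
    quick = boot + bytes(SECTOR * 2) + photo + resume + bytes(SECTOR)
    return {"quick format": io.BytesIO(quick),
            "overwritten": io.BytesIO(pseudo_random(SECTOR * 6))}


if __name__ == "__main__":
    for label, image in constructed_samples().items():
        print(label, audit_image(image))
```

For a real card, pass a raw image file opened in binary mode instead of the constructed samples. After the VeraCrypt procedure nearly every sector should count as random, while after cipher /w the file system's own metadata still shows up as structured, and any signature hit points to a file that was never deleted, because /w overwrites only unused space.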
The process of erasing data on memory cards, hard drives or other storage devices is quite technical. Some manufacturers offer custom programs to erase data on storage devices, but those tools usually need to be downloaded and installed manually.
Now You: Do you sell old memory cards, hard drives, or other storage devices?