Oops.
It might be an idea to encrypt all data by default. Then the wipe process merely involves destroying the private encryption key, which takes no time at all. Like my iPad does.
UK supermarket Tesco’s Hudl tablet will offer up data from past users – even if it’s been factory reset. The Register spoke to Ken Munro from security firm Pen Test Partners, who said he'd bought 17 Hudls and AllWinner tablets from eBay and found that not only does the reset process not wipe all the data, it’s possible to …
The best way to wipe an Android device is to do a factory reset, completely fill the device with music or video podcast files and then do another factory reset. There may be fragments of old directory information left left but the majority of the data will be gone. This works because each location in flash memory can only contain data from one file and so when a device is full then to all intents and purposes the old data has gone.
But it's the <1% that you need to be worried about. I don't know how the Hudl for example reserves particular parts of the memory for system/secure data rather than general user data - photos, music etc.. But this might represent a significant hole? Perhaps someone who has more knowledge of the lower levels of these tablets might comment?
Actually the best way is to do a factory reset, followed by placing it in a industrial crusher and burying the results in a foot of concrete.
But I admit your way may leave it more resellable (What do you mean you want to return it? I said it was complete, not assembled. And the concrete will make a very nice garden feature)
Depends where system cache and password files are stored on Android devices they may be in a different memory area to general music storage.Even if in the same srea I doubt the device would allow full memory use before baulking with some form of memory error.
The device has a feature called 'factory reset' that doesn't reset it to a factory state. That's different from having a feature called 'format the hard drive' which establishes the correct formatting on a hard drive. The first feature doesn't do what it promises, the second does what it promises but is sometimes falsely assumed to do something else as well.
That being said, it sounds like an easy bug to fix. A quick pop-up to explain that if the purpose is to remove confidential information then a full erase should be performed which will take X minutes rather than Y seconds and a couple of buttons would do it. It's such a fringe feature that it's probably not worth investing more time in than that.
isn't into resurrecting deleted files, and stealing my log-ins, she has to be shown how to switch the tablet on, and wants to read her facebook and listen to Classic fm over the internet.
Anyone more savvy is unlikely to be using a Hudl to own people.
And if there is a person stalking a child, waiiting for the kid's parents to resell the kid's Hudl on ebay, let's go round their house and burn 'em out
He clearly couldn't find any Islamic-tainted beheading videos, so he had to pick on this.
The entire security establishment is crying out for something non-think of the children/terrorist to justify snooping.
*personally* I think they should just go for the "android let me see your girlfriends tits" - but I'm not representative.
It all depends on the firmware in the Flash controller. I suspect that any faulty areas will be marked as unreadable, but would doubt that it'd go much beyond that. For example, performing an erase on a bad area WOULD wipe any stored info permanently, but I don't think any but the most paranoid, security-specific FW would go that extra yard.
If you run a zeroing utility on a spinning rust HDD, will it attempt to overwrite excluded bad blocks as well as the 'good' data / directories?
Addresses are translated by the flash controller, this is transparent to the OS. AIUI you'd need to reflash the firmware or replace the controller chip to gain access to the raw storage, although it's possible that there's an "engineering mode" the manufacturers aren't telling us about.
... it's who she passes it on to afterwards.
After all, auntie June is probably not going to have the elite hacker skills necessary to discover the undeleted files on the (emulated) sdcard. So you're safe for now. But only until she sells it on eBay for ££.99 (excl p&p).
And then you're both done for...
...after all, a factory reset that doesn't is pretty poor, especially if there is no obvious (non-geek) way to wipe important data from the machine.
Then Mr. Munro makes the illogical leap from a badly wiped tablet sold on eBay to providing information for weirdos to stalk your children (the obvious question is that this only means a damn if the purchaser is a kiddie stalker, has the knowledge of how to get into the device, and most importantly of all, lives nearby). As if this wasn't bad enough, somehow having end user information on a cheap supermarket tablet will automagically help a stalker avoid a police sting? How is this? Will it start playing the theme tune from The Bill whenever a cop car drives by?
Mr. Munro, you might have had a good and convincing argument if you warned adults about their login details, credit card information, etc being potentially accessible by the person the tablet is sold on to. But this half-assed "think of the children"? That's an even more desperate attempt than one would expect to see in The Daily Mail. So go away. Very far away. Preferably in a coffin. Thank you.
"It also helps the stalker avoid a police sting – a copper would not be using a cheap tablet to sting a stalker with! They would be using a carefully managed and secured PC in a police building somewhere."
I'm not exactly sure what is his point here?
Is he really scared of stalkers trawling eBay for old tablets in the hope some kiddie left it logged into Facebook? Start with the basics: every child in this country must attend school by law. So where do you think the children are? Doesn't need a fuckin social media account to figure out how to find kids.
He points out that cheap tablets are often bought for children and by selling on a tablet which has the child’s social network data, the parent might be unwittingly aiding a stalker who could use the identity of the child to stalk other children
He appears to be channelling the collective mind (using the term loosely) of Mumsnet.
My daughter's Hudl stopped recharging - the microUSB port died (apparently this happens a lot to pre-Christmas rush Hudls). By the time I noticed it was almost out of charge - so I ported off what I could to the microSD card and then performed a Factory Reset - surprised that it didn't take very long - but since the battery finally completely expired a few minutes later, I didn't get chance to do much else with it.
It then went back to Tesco for a warranty replacement.
Have changed account passwords (as I had the admin acct on it, I changed hers and mine Google logins for example) - so hoping that even if this unit does get refurb'd, and the factory reset is potentially ineffectual, nobody will be able to login with the account details stored on the device.