How to securely dispose of your mobile device
by Ken May
Mobile devices, such as smartphones, smartwatches, and tablets, continue to advance and innovate at an astonishing rate. As a result, some people replace their mobile devices as often as every year. Unfortunately, too many people dispose of their devices with little thought on just how much personal data is on them. If your mobile device was issued to you by your employer or has any organizational data stored on it, be sure to check with your supervisor about proper backup and disposal procedures before following the steps below.
Typical information can include:
- Where you live, work, and places you frequently visit
- The contact details for everyone in your address book and applications, including family, friends, and coworkers
- Call history, including inbound, outbound, and missed calls
- SMS (texting), voice, and multimedia messages
- Chat sessions within applications like secure chat, games, and social media
- Location history based on GPS coordinates or cell tower history
- Web browsing history, search history, cookies, and cached pages
- Personal photos, videos, audio recordings, and emails
- Stored passwords and access to personal accounts, such as your online bank or email
- Access to photos, files, or information stored in the Cloud
- Any health-related information, including your age, heart rate, blood pressure, or diet
Regardless of how you dispose of your mobile device, such as donating it, exchanging it for a new one, giving it to another family member, reselling it, or even throwing it out, you need to be sure you first erase all of that sensitive information. You may not realize it, but simply deleting data is not enough; it can easily be recovered using free tools found on the Internet. Instead, you need to securely erase all the data on your device, which is called wiping. This actually overwrites the information, ensuring it cannot be recovered or rendering it unrecoverable. Remember, before you wipe all of your data, you most likely want to back it up first. This way, you can easily rebuild your new device.
The easiest way to securely wipe your device is use its “factory reset” function. This will return the device to the condition it was in when you first bought it. We have found that factory reset will provide the most secure and simplest method for removing data from your mobile device. The factory reset function varies among devices:
- Apple iOS Devices: Settings | General | Reset | Erase All Content and Settings
- Android Devices: Settings | Privacy | Factory Data Reset
In addition to the data stored on your device, you also need to consider what to do with your SIM card. When you perform a factory reset on your device, the SIM card retains information about your account and is tied to you, the user. If you are keeping your phone number and moving to a new device, talk to your phone service provider about transferring your SIM card. If this is not possible, for example, if your new phone uses a different size SIM card, keep your old SIM card and physically shred or destroy it to prevent someone else from re-using it. Also, be sure to remove any SD cards, if you have them.
If you are not sure about any of the steps covered in this article, take your mobile device to the store you bought it from and get help from a trained technician. Finally, if you are throwing your mobile device away, please consider donating it instead. There are many excellent charitable organizations that accept used mobile devices.
References: SANS Ouch 12/16 Newsletter, smarterforensics.com