Isn't it risky to sell old smartphones and PCs?


Posted

Was wondering whether there isn't a risk in selling old devices when you have done netbanking and internet purchases with it.

Wouldn't a skilled hacker be able to get into your bank account and draw money?

Posted

dd if=/dev/random of=/dev/sad bs=1M && dd if=/dev/zero of=/dev/sad bs=1M

Good luck getting anything off that hard drive.

I thought it was English only on here.

Posted

dd if=/dev/random of=/dev/sad bs=1M && dd if=/dev/zero of=/dev/sad bs=1M

Good luck getting anything off that hard drive.

On what device and/or OS would that command work?

Posted

dd if=/dev/random of=/dev/sad bs=1M && dd if=/dev/zero of=/dev/sad bs=1M

Good luck getting anything off that hard drive.

On what device and/or OS would that command work?

Any *nix on a computer. A live Linux cd will be able to get it done for you.

Posted (edited)

It will not work Dave.... try

dd if=/dev/urandom of=/dev/sad bs=1M && dd if=/dev/zero of=/dev/sad bs=1M

For the really paranoid, repeat the command 6 or 7 times...

Edited by SpaceKadet
Posted (edited)

It will not work Dave.... try

dd if=/dev/urandom of=/dev/sad bs=1M && dd if=/dev/zero of=/dev/sad bs=1M

For the really paranoid, repeat the command 6 or 7 times...

Perhaps it could be blocked if there isn't enough entropy; but as /dev/urandom uses a seed from /dev/random and then a PRNG it is theoretically possible to predict urandom's output.

Simply letting it run will allow entropy to build; running "sync" or "rngd" or even "haveged" seeds it.

**edit**

Apologies for the earlier /dev/sad...stupid autocorrect 'fixed' my /dev/sda

Edited by dave_boo
Posted (edited)

OP, you should stop immediately any netbanking that doesn't require two factor authentication.

Edited by manarak
Posted

Thinking further that sda is going to wipe the hard drive you are running from, presumably you will be wanting to wipe sdb or some external drive connected to your computer.

Posted

Thinking further that sda is going to wipe the hard drive you are running from, presumably you will be wanting to wipe sdb or some external drive connected to your computer.

Hence my suggestion to use a livecd which can be a thumb drive. Will always start from sata0 and label the drives from there.

Posted

Thinking further that sda is going to wipe the hard drive you are running from, presumably you will be wanting to wipe sdb or some external drive connected to your computer.

Hence my suggestion to use a livecd which can be a thumb drive. Will always start from sata0 and label the drives from there.
ok
Posted

Thinking further that sda is going to wipe the hard drive you are running from, presumably you will be wanting to wipe sdb or some external drive connected to your computer.

Hence my suggestion to use a livecd which can be a thumb drive. Will always start from sata0 and label the drives from there.

Actually it doesn't always do that with recent Ubuntu. If I boot my machine with an external hard drive connected, sometimes the external is sda and the internal sdb, sometimes the other way around, it's random, that's why UUID is used in fstab now.

You should probably use fdisk -l to check which drive is which before destroying it.

But anyway this is all probably a bit technical for the OP's question.

Google DBAN - Darik's Boot and Nuke. You burn an ISO to a CD and then boot off it. Pick the drive and wipe using the default settings.

Other similar software available.
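
A pre-flight check for the point made above about confirming which drive is which, plus a read-back check after a zero pass; this is an added example, not part of the thread. The function names, the constructed `lsblk` listing and the temporary image file standing in for a disk are assumptions.

```shell
# Added example: function names and sample data are constructed for illustration.
# wipe_target_ok DISK: reads `lsblk -P -o NAME,PKNAME,TYPE,MOUNTPOINT` text on
# stdin and succeeds only if DISK is a whole disk with nothing on it in use.
wipe_target_ok() {
    awk -F'"' -v disk="$1" '
        # $2=NAME $4=PKNAME $6=TYPE $8=MOUNTPOINT; parents are listed before children
        $2 == disk || ($4 in member) {
            member[$2] = 1
            if ($2 == disk && $6 == "disk") found = 1
            if ($8 != "") inuse = inuse " " $2 "=" $8
        }
        END {
            if (!found)      { print "refuse: " disk " is not a whole disk here"; exit 1 }
            if (inuse != "") { print "refuse: " disk " is in use:" inuse; exit 1 }
            print "ok: " disk " is a whole disk with nothing mounted"
        }'
}

# is_zeroed PATH: succeeds only if every byte reads back as zero.
is_zeroed() {
    [ "$(tr -d '\000' < "$1" | wc -c)" -eq 0 ]
}

# Constructed listing: the live USB stick came up as sda, the internal disk as sdb.
SAMPLE='NAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
NAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/run/live/medium"
NAME="sdb" PKNAME="" TYPE="disk" MOUNTPOINT=""
NAME="sdb1" PKNAME="sdb" TYPE="part" MOUNTPOINT=""
NAME="sdb2" PKNAME="sdb" TYPE="part" MOUNTPOINT=""'

# Zero pass on a temporary image file standing in for a disk, then read-back.
demo_wipe_image() {
    img=$(mktemp) || return 1
    printf 'constructed sample: saved login data\n' > "$img"
    n=$(( $(wc -c < "$img") ))
    is_zeroed "$img" && { rm -f "$img"; return 1; }   # must not pass before the wipe
    dd if=/dev/zero of="$img" bs=1 count="$n" conv=notrunc 2>/dev/null
    is_zeroed "$img"; rc=$?
    rm -f "$img"
    return "$rc"
}

printf '%s\n' "$SAMPLE" | wipe_target_ok sda   # refused: the boot medium is mounted
printf '%s\n' "$SAMPLE" | wipe_target_ok sdb   # ok
demo_wipe_image && echo "image reads back as all zeros"
```

On a real machine, feed `wipe_target_ok` the live output of `lsblk -P -o NAME,PKNAME,TYPE,MOUNTPOINT` instead of the sample text.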

Posted

Thanks guys for all the swift replies. But for someone who is as IT illiterate as I am, this is just too complicated.

My reasoning is, correct me if I am wrong: The buyer of my laptop and smartphone can get all the data and information on my devices for all I care. But if I immediately after selling it change the password of my netbanking with my new smartphone, he won't be able to get in there. He could still initiate internet purchases with my debit card information, but won't be able to complete them as it would be me, not him, who receives the OTP from my bank.

Posted

You are right to be worried and a bit paranoid.

All smartphones/tablets (at least Androids) have a way to "Reset to factory settings", which would clear all user data and remove all user installed apps.

For the laptop the best and easiest would be to reinstall the OS. After all, it's the hardware you are selling.

Easy to do, even for an "IT illiterate".

Posted (edited)

If you want peace of mind, take the laptop to a computer shop, have the hard drive replaced and a fresh OS installed.

Insist that they remove your drive while you wait. Take your old hard drive home and belt it with a hammer - several times. Or drill several holes through it.

It may still be possible to retrieve some of the information from your drive, but the time and equipment necessary is way beyond the capabilities/budget of the average data thief.

Edited by sean in udon
Posted

Myself and friends have previously lost all data on our hard drives, we learnt how to retrieve data from hard drives, with the right tools anything can be done, old hard drives of mine are opened, disks smashed, washed with acid, burnt then taken to the rubbish tip.

Posted

Not a tech savvy guy for the most part and do not sell old phones or computers, but does not everything get wiped out when you do a factory reset?

Posted

Any data on any memory device is recoverable to some extent.

Computers with mechanical and SSD drives can be overwritten to damage any existing data upon them. Australian Military remove and destroy any drive used in a secure facility prior to disposing of the device. This is the most secure method.

Smartphones: Most have the ability of accepting a memory card and in most cases will automatically move data like pictures etc. to them; some do not.

If the device has a memory card, remove and keep it.

You can do a hard reset and restore the phone to default settings; this will wipe the info from the device but can be restored by someone with skills. If you want to sell the phone and make sure all data is not retrievable then you will need to procure either an app or 3rd party software that will permanently damage the existing overwritten data so that it can no longer be recovered.

If you are unsure when you sell your phone, change your banking passwords to prevent the problem.

Posted (edited)

The old military way of wiping a hard drive clean was to reformat it 3 times using the low level method

Edited by 2fishin2
Posted

For the majority of non-techies here, I would NEVER sell a PC with the hard drive(s) left in it. Remove the drive(s), open it/them up and destroy the platters if there is ANY info you don't want in someone else's hands.

Posted

OK, if we are really paranoid here:

For the smartphones, encrypt the device, then factory reset. Good luck trying to forensically de-crypt any remaining data without the keys! This is for Android. iPhones are encrypted by default.

SSD drives can be securely erased. All manufacturers provide programs to write all zeros to all the NAND cells. This is one of the ways to reclaim SSD performance. SSD being a bipolar technology, once the data is overwritten, it is impossible to recover it. If you want to make really sure... take out the circuit board from the SSD and microwave for a minute or so on full. Goodbye all the data!

HDD are a bit problematic, relying on magnetic flux to store the data. This flux extends to the sides of the written track of data, and can be recovered by special programs that re-position the recording heads and look for patterns. The programs are expensive and not something general public would have.

DoD specified that the HDD's must be totally overwritten by random data at least 7 times before being reused.

A bit of paranoia is healthy, but assuming 9 billion people on the planet are after your Google password is a little bit extreme? If your name was Assange then yes, but Johnny TvBlogger? Sure, do the cleanup as advised above before selling or disposing of phones or PCs. But I'll bet people have more incriminating data of their Facebook and other social media accounts.

Posted

OK, if we are really paranoid here:

For the smartphones, encrypt the device, then factory reset. Good luck trying to forensically de-crypt any remaining data without the keys! This is for Android. iPhones are encrypted by default.

SSD drives can be securely erased. All manufacturers provide programs to write all zeros to all the NAND cells. This is one of the ways to reclaim SSD performance. SSD being a bipolar technology, once the data is overwritten, it is impossible to recover it. If you want to make really sure... take out the circuit board from the SSD and microwave for a minute or so on full. Goodbye all the data!

HDD are a bit problematic, relying on magnetic flux to store the data. This flux extends to the sides of the written track of data, and can be recovered by special programs that re-position the recording heads and look for patterns. The programs are expensive and not something general public would have.

DoD specified that the HDD's must be totally overwritten by random data at least 7 times before being reused.

A bit of paranoia is healthy, but assuming 9 billion people on the planet are after your Google password is a little bit extreme? If your name was Assange then yes, but Johnny TvBlogger? Sure, do the cleanup as advised above before selling or disposing of phones or PCs. But I'll bet people have more incriminating data of their Facebook and other social media accounts.

I've personally wiped hard drives to DoD specs and still been able to retrieve some data. I used to work DoD IT, the only sure way to get rid of the info is to open the physical drive and destroy the platters inside. Yes, this is anal, but it's also the ONLY 100% absolutely sure way to remove data.

Posted

It still does not answer my question. Let's suppose the new owner is able to retrieve all the data on my device, including my internet bank transactions. He would not have my new passwords for banking and internet, if I change them with my new device? Or is my reasoning wrong here?

Posted

I see paranoia reigns supreme on this thread :)

Change your passwords often

Have your browser setup to not save passwords or history

Change your OS back to the original settings before you sell

There is the square root of zero chance anybody is going to steal anything from your machine

Posted

It still does not answer my question. Let's suppose the new owner is able to retrieve all the data on my device, including my internet bank transactions. He would not have my new passwords for banking and internet, if I change them with my new device? Or is my reasoning wrong here?

I believe that by default the browser does not cache pages delivered over https. Since your bank website should be then this data should not be cached. However passwords are often cached in browsers so any site that only required a username and password which were saved to the browser would be vulnerable. You would as you say need to change these.

Posted

I thought through all this "banking on the computer" crap some years ago. I came to a solution that works for me, and after that, didn't think about it much. So this is all probably very old school. Mai bpen rai. I'm not gonna change anything. My rules are:

1. I don't do any internet banking in the country in which I live (Thailand). Better to just go to the bank.

If any bank mistake is going to be made with regard to any account, no one's going to blame it on the internet.

2. For my home country, I've little choice other than to do internet banking. In which case:

a. I only do it from within a virtual PC dedicated to the purpose of internet banking, with no cut/paste share nor anything such as that.

No visits to non banking sites allowed within that virtual machine.

b. I only use a hard wired internet connection. No wireless.

c. I only use wired keyboard and mouse. No wireless.

d. I only do it when I must. Once a month or so.

Beyond that, I would never sell one of my used mobile phones or hard disk drives. There's no money in it. Better to beat whatever it is to death with a hammer, and then apply the DoD destruction standard recommended back when I worked with DoD: gasoline fire.

Overly paranoid? Maybe. But again, I don't spend much more time thinking about it all. And I've yet to come up with a reason to deviate from this approach.
