When I went on a stag weekend recently, the best man took a digital camera with him. After the event, he deleted some of the more "choice" shots. I borrowed the camera before the wedding, removed the SD card from the camera, ran a file-recovery application and retrieved all the shots he had deleted. Most of the photos he had wiped, unsurprisingly, were of the best man himself being spanked. Priceless!
Unless you're in the public eye, your personal photos are probably of little interest to anyone else But what about other uses for removable media?
We're all well aware of the risks presented by laptops, removable hard discs and even USB keys, but removable media such as storage cards are often overlooked. This wasn't a major issue until recently, when the market for smartphones and push email grew dramatically. Card readers, present in most laptops and some desktops, are also an issue.
Email attachments are often stored on a phone's removable storage card because the internal storage isn't large enough. Pinch the smartphone and you have access to these files, just by removing the card.
Furthermore, if your phone isn't locked with a PIN, the thief will also have access to everything else stored on the device. It's always worth protecting your mobile devices with a PIN or strong password.
If you have access to a Windows Mobile device, extract the storage card and have a look at the contents on a PC using a card reader. If the email attachment storage location is set to the card, usually to ensure maximum free space on the phone's internal memory, then the card should be an interesting source of data.
There are several freeware data-recovery applications, although some of the commercial applications are better to a degree. Use one of these to inspect the storage card contents, too.
Not everyone has a Windows Mobile device, but there are still interesting avenues to explore, even if you don't. Various forensic tools are available to recover deleted text messages, pictures and more from virtually any phone. I shudder to think what could be recovered from some of the phones I've had in the past. Even resetting to factory defaults may not solve the problem. A hammer may be the only effective solution to prevent data recovery from older phones ...
However, there is light on the horizon. Fortunately Windows Mobile 6 has the facility to encrypt the contents of the storage card, and BlackBerries have had this feature for a while. Windows Mobile 6 also allows you to remotely wipe the storage card, unlike the previous version, which only offers remote wipe of the device, not the card.
Depending on configuration, Windows Mobile 6 can also facilitate a local wipe if a threshold of incorrect PIN entries has been exceeded. Finally, if the thief attempts to reset the device in order to gain access to the hardware, the decryption keys will be lost, and so will access to the data on the storage card. As a result, the files become totally unrecoverable.
This is a strong security feature, but one that will cost the standard some fans among the user community. Effectively, it rules out a reset to factory defaults in the event of device failure, as your encryption keys will be lost. Key recovery is therefore an important part of your mobile device security policy.
This level of encryption isn't for everyone. Some people find the prospect of being locked out of their data too big a price to pay; others hold that some data is more important and call for a hierarchy of security to reflect this.
But Windows Mobile 6 is certainly a move in the right direction to ensure that the mass of data we carry around with us is safe. It might also help a few best men prevent their backsides appearing on Facebook.
- Ken Munro is managing director of SecureTest. He can be contacted at firstname.lastname@example.org.
Kill deleted data for good
By Ken Munro on Nov 19, 2007 3:16PM