Cellphones bought at police auctions have been found to pose privacy risks, according to a recent study conducted by security experts at the University of Maryland.
The study focused on mobile phones purchased from the largest police auction house in the US over a two-year period. Shockingly, the researchers discovered that many of these phones still contained personal data from their previous owners, making them easily accessible to new buyers.
Surprising Findings From the Study
Out of the 228 phones acquired by the research team, 27% of them contained sensitive personal information such as social security numbers, credit card details, banking information, passport data, and even pictures of driver's licenses.
The ease with which the researchers were able to access this information surprised them. Dave Levin, associate professor of Computer Science at the University of Maryland, who led the study, expressed his astonishment at the level of personal information they discovered.
The team suspected that the police agencies were not properly wiping out the phones or that the auction houses were not taking adequate precautions before shipping the items to the highest bidders.
The research team worked closely with the university's legal counsel and institutional research review board to establish protocols for handling the personal data found on the phones.
While no evidence of child abuse was encountered, the researchers did uncover other unsuitable information, such as adult nudity and drug use.
The study also revealed that some phones had been involved in criminal activities like identity theft. This discovery was particularly concerning because it means that victims of identity theft were being further victimized by having their personal information easily accessible.
Digital Contact With Over 7,000 People
The research team emphasized that people should be aware that their phones contain not only their own data but also information from anyone who has communicated with them. They discovered that out of the 61 phones they accessed, there had been some form of digital contact with over 7,000 individuals.
Surprisingly, the researchers found it alarmingly easy to access cellphone data. Some phones arrived with no passcodes attached, making it effortless for anyone to unlock the devices. Additionally, many phones had easily guessable PINs or passcode patterns.
When the researchers contacted the auction house, PropertyRoom.com, to address the issue, the company promised to investigate. However, the researchers purchased another batch of phones and claimed that PropertyRoom had only partially wiped the phones' contents.
US law enforcement agencies usually sell items not claimed from lost-and-found inventories and seized in criminal investigations. Many of these items, such as jewelry, and electronic devices like mobile phones, end up at online auction houses.
The researchers suggest that police agencies should avoid auctioning used mobile phones and instead destroy them to prevent potential security breaches.
They also recommend that phone owners take precautions such as setting strong passcodes, minimizing accessible private information, and remotely wiping their phones if they are lost or stolen.
"Use your phone under the assumption that somebody else might later become its legal owner," Levin said in a statement. "Set a passcode that is hard to guess, minimize the private information that's easy to access, and remotely wipe your phone if it is lost or stolen. Otherwise, our study shows just how easy it is for someone to gain an incredible amount of access to your private information."
Related Article: T-Mobile Data Breach Victims Beware! New York Attorney General Warns of Potential Identity Theft
