Selling second-hand memory cards online could bring serious risk of identity fraud: experts
ABC
By Caitlyn Gribbin December 2, 2013, 11:15 pm
Security researchers say Australians who sell second-hand memory cards online are at serious risk of identity fraud.
Memory cards can be found in technology such as tablet computers, mobile phones and cameras, and many people sell the cards online when they upgrade to a newer device.
Academics at Edith Cowan University in Perth bought 140 memory cards through eBay Australia and examined their content.
In the sample of cards sourced from all around the country, researchers found pornography, tax documents and photographs.
One had even been used at a Federal Government department and contained personal information of employees.
Security researcher Patryk Szewczyk says when people sell the cards, they may inadvertently pass on personal information to the buyer.
"We found a vast array of different confidential documents, from resumes, we found government documents," he told PM.
"And in one instance, last year for instance, we found a document which actually did encompass the word 'confidential' written across all the pages.
"In some instances there was data on there which we felt uncomfortable with, and we had to hand it over to the police."
People not aware of security risks in selling online
Mr Szewczyk says people are probably not aware they have files located on their device.
"Presumably the person would have been using their own tablet PC or smartphone to access those resources within their organisation," he said.
"And they may not have been aware that those files are actually located on their device.
"They would have then taken their device home and all those important documents, they would have been just walking around with them.
"And they go to dispose of that memory card, and they don't realise that they've actually been selling their own company's documents on it."
The researchers found other memory cards contained personal information such as tax and licence details.
Fraud expert Rob Livingstone says selling second-hand memory cards is risky.
"When it comes to using these, that are extremely easy to use and very pervasive, security is not really top of people's mind unfortunately," he said.
He says it "absolutely" leaves people open to identity fraud.
"At the extreme end, individual identity theft is a really big deal, and it should not be taken lightly," he said.
"I guess if someone is randomly going to select identity theft and you happen to be the target, then that's something that is going to be quite unfortunate for the individual.
"But everyone should be taking steps to minimise their exposure to that."
'Smash up memory card' to protect data
The researchers hope online auction sites will educate their customers about the procedures required to wipe data permanently.
Mr Livingstone says the research should concern governments and businesses.
"I think it goes more to the heart of how an organisation manages its information security practices," he said.
He says people should be more cautious with the information contained on memory cards.
"And if you've got information sitting on that, it's really not very hard to just slip the card out, or have the card on-sold or whatever, and it's got all this very, very useful information on it.
"All kinds of information that can be of use to others."
However, Mr Szewczyk says there is an easy way to permanently delete data.
"Our biggest recommendation would be just to smash up the memory card," he said.
"So, you know, just smash it up with a hammer and don't worry about trying to get a few dollars on it."
Last edited:
