Beware These 8 Security Issues When Recycling Hardware
Most of us have old devices knocking around our homes. This could be an old PC that’s out of warranty, an iPad that’s been replaced by one with a bigger memory, or an Xbox 360 that’s been usurped by the Xbox One.
It still works, but you’ve no need for it anymore. You can’t dump it in a landfill: there are too many components potentially hazardous to the environment. Instead, you might’ve considered donating it to a school, church, or charity — however, bearing in mind the amount of personal data that it’s stored, is it the safe thing to do?
Here are just a few security concerns you need to consider before getting rid of your hardware, and what you can actually do about them.
Taking three redundant laptops, two tablets, one games console, one Bose iPod speaker, a box of redundant cables and chargers to recycling
— kate drewett (@katesparkle) November 15, 2015
Your private data can be stored on anything with a permanent memory, so that includes your PC, laptop, smartphone, iDevices, and games console.
Data might just be obvious stuff like your name, address, and date of birth. It may seem absolutely harmless. But it’s not.
Aside from considering how much your personal information is worth on the hidden Deep Web and more specifically, the Dark Web, think how someone could use such data to learn more about yourself and what gateways that might open. Could that information include clues to your passwords? How about answers to various security questions ?
With Personally Identifiable Information (PII), a thief could potentially get a credit card in your name. If that’s not worrying enough, imagine them also getting hold of your financial records.
Thanks to cookies , much of your information is stored away, and some of us might’ve also opted for browsers to save passwords on certain devices. This is bad news — particularly when it comes to online banking and PayPal. If even the slightest trace of monetary data still exists on your device, a scammer will do their damndest to find it.
Okay, so the core worry is data remanence. Even if you throw a file in trash, data still exists in the Hard Disk Drive (HDD), awaiting retrieval by yourself (in case you realize you actually did need it) or possibly someone with sinister intent.
When those files include medical information, that’s definitely a cause for concern .
Indeed, medical identity theft is on the increase because such details can typically be obtained en masse and be sold on for relatively high amounts.
There’s a growing trend, perhaps perpetuated by celebrity culture and helped along by Snapchat and the like, to take compromising photos. These are deeply intimate in nature and certainly something you wouldn’t want a stranger possessing.
A couple of years ago, the issue hit headlines when the so-called “Celebgate” exposed a vulnerability. But it’s not just those in fame’s fickle spotlight whose pictures can give someone else leverage. You’re a target too. The practise is called sextortion , and can feel all-encompassing.
And even if you don’t have such adult material on your PC or smartphone, surely someone you don’t know casually flicking through your ordinary photos is creepy anyway?
Social Networking Accounts
Again, this might seem somewhat insignificant, but we reveal a worrying amount of details about ourselves on the likes of Facebook, Twitter, and Tumblr. Doing a privacy check-up won’t make a difference if your login data is still on an old drive, waiting for someone to remotely sign into Facebook and manipulate you.
Any devices owned by youngsters are particularly troubling. Ken Munro, from security firm Pen Test Partners, warned The Guardian:
“Our most significant concern is that predators could buy cheap, used tablets from online auction sites and other sources. Using simple tools, they could recover children’s data and passwords. This could allow the predator to access their social networks directly, making for terrifying cyber-stalking from inside their social network account. They would have access to your child’s account.”
Smartphones store your SMS on encrypted messengers, but that encryption only protects them between devices. Older cell phones store such data on the SIM. It’s always good practise to remove the SIM card anyway; after all, why would anyone you’re sending the hardware to need it?
Messages are private by their very nature, but they may also contain intimate photos or account details. How many of us systematically delete messages from, say, service providers…?
In some cases, PC World found recycled phones that still contained voicemail, texts, and emails. Add all that together and you’ve got quite an accurate picture of a life.
Just in case something goes wrong, your address book is generally saved onto both the cell phone’s internal memory and the SIM card. It’s a failsafe so that if you lose your SIM card, for instance, you still have the contact details of your family and friends. They’re further saved on SD cards.
Most remove the SIM card when recycling their phones, but that just stops it communicating across the network. But numbers generally remain on the cell, and it’s something your loved ones will probably be peeved about, should they receive questionable calls.
If in doubt, take the cards out then switch the phone back on and see what data you still have access to. You may be surprised.
Speaking of recycling electricals did you know an old games console has enough plastic & metal to make 149 new yog pots & 9 steel cans?
— Wastebuster (@_Wastebuster) February 13, 2014
Consoles are capable of so much these days, so the latest Xbox and Playstation come with 500GB HDDs, intended for storing enough downloadable content (DLC), save game data, and profile information for some gamers. That’s a lot of private material, especially if we then factor in SD cards and cloud services like Xbox Live.
Recycling consoles is a popular decision because it typically gets you a step closer to owning a newer system, and while some professional services offer to wipe such data, you don’t want something important to be missed — like account or financial data.
Here’s What You Can Do
— Felix Geiringer (@BarristerNZ) March 18, 2016
These potential security breaches shouldn’t stop you from recycling your old hardware. There’s always something that can be done.
Your first step is a degree of research. Get to know what you can recycle , where you can pass it onto, and brush up on the environmental issues. Then go through our handy checklist before disposing of your PC.
The “Scorched Earth” option is to destroy your hard drive. Literally smashing it up. Oh sure, we’ve all dreamed about it during times of slow connections and systems updates. Here’s your chance. After all, whoever you’re passing your device onto can buy a new HDD . The same goes for some consoles like the PlayStation 3. There’s no way back from this. It’s one of two ways we recommend for totally destroying information on the HDD .
If that’s too extreme for you, fair enough. You can enlist a professional or overwrite data yourself. Permanent Eraser for Mac goes over the original information 35 times and scrambles file names. It’s a pretty solid solution. You can also securely erase files from your HDD on Windows or use Eraser, which will work on Linux too.
Apple devices are typically very efficient when it comes to erasing all the data saved. You’ll likely want a back-up version saved on iTunes for writing onto a new phone, and then go Settings > General > Reset > Erase All Content and Settings > Erase iPhone.
It’ll leave your iDevice a blank slate. (It’s also worth deauthorizing the Digital Rights Management — DRM — in the iTunes store before recycling a computer. Purchase authorization also applies to some games using SecuROM, which will limit the number of devices you can register with, and eBook readers – though you’re generally not restricted on these.)
— Ask PlayStation (@AskPlayStation) March 15, 2016
As an added safety measure, you could always retroactively change your passwords on any important accounts: PayPal, online banking, iTunes, email, and social networks including Google Play. But don’t do that on the device you’re getting rid of.
Check you’re not logged into Facebook on your old PC (or any other unrecognized or redundant devices, for that matter) by opening Settings > Security > Where You’re Logged In and click End Activity for anything other than what you’re currently using.
Deleting information from game consoles naturally differs between manufacturers. It’s worth checking specific sites for exact instructions for each, and take note exactly what is erased. For the Wii, for instance, you need to access System Settings then select Format Wii System Memory. Click Format three times. This deletes all save data and downloads.
Don’t forget to remove any external storage devices, including USB and SD card.
One More Thing…
I think this HDD can pretty much be described as dead. pic.twitter.com/sbpxPle2DF
— EpicLPer (Stefan Kern) (@EpicLPer) March 17, 2016
Cloud services are all the rage, and rightly so: they give you peace of mind, backing up all your private data securely.
But this is important: disable any cloud sync before deleting documents and photos. Those files should remain digitally-saved on Dropbox or whatever system you choose. That includes disconnecting clouds and memberships accompanying games consoles, like Nintendo’s shopping channels.
What other tips have you got for ensuring all your private information is deleted? What further concerns do you have? And how do you recycle old hardware?
Image Credits: Electronic waste by Africa Studio via Shutterstock, Medical Advice by CJ Sorg; Collage of Digital (Social) Networks by Tanja Cappell; and Phones by Michael Perackas.