Hey there folks, I’ve got a wild tale to share today. You know how we love to scoop up deals on tech, right? Well, it seems like some people have been getting more than they bargained for when they’ve been bidding on second-hand smartphones on auction sites. A group of researchers at the University of Maryland found that a lot of smartphones that have been confiscated by law enforcement and then auctioned off still had the previous owner’s data on them! Crazy, right?
A Heck of a Bargain
These researchers snagged 228 phones from PropertyRoom.com, which is a pretty big player when it comes to auctioning off stuff that the police have seized. They found that out of all the phones they won (for a pretty decent average of $18 per phone, I might add), 49 of them didn’t even have a PIN or passcode. And for an extra 11, they could guess the PINs just by trying out the 40 most popular PIN or swipe patterns.
Now, why are these phones in police custody in the first place? Well, there could be a bunch of reasons. Maybe the owner was involved in identity theft, and the phone was used as a tool in the crime. You’d think these kinds of phones wouldn’t be sold off, right? After all, they could be used to commit similar crimes. But guess what? That’s exactly what’s happening.
These researchers could have tried harder to crack the PINs on the other phones they bought, but they figured that a lot of the devices probably hadn’t been wiped and were just relying on a PIN for protection. They found that the 61 phones they could access had all sorts of data on them – text messages, pictures, emails, browser history, you name it. And here’s the kicker – many of these phones had data related to crimes, including information about victims.
Who cares about their privacy?
Now you might be thinking, “Well, these are criminal phones, why should I care?” Good question, but it’s not entirely clear how these phones ended up on PropertyRoom in the first place. It turns out that a lot of these devices seem to have ended up the same way as assets seized in civil forfeiture cases. If the police can’t figure out who owns something, it eventually becomes property of the state and gets shipped off to resellers.
What’s even more concerning is that many of these phones had personal information about previous or intended crime targets. Some had pictures of government-issued IDs. Others had full credit files for several people, or screenshots of stolen credit card info, or chats about how to run identity theft scams.
So, what did you find?
The most interesting find? A phone with a sticky note on the back that had the device’s PIN and a reference to the Graykey software that’s often used by law enforcement to guess mobile device PINs. This phone had a whole bunch of credit histories from Experian and TransUnion in the message chain.
It’s pretty common to find phones on auction platforms like eBay that haven’t been wiped of sensitive data. But in cases like those, eBay isn’t actually in possession of the items being sold. On the other hand, platforms like PropertyRoom get the devices and then resell them directly.
PropertyRoom’s Response
So what’s PropertyRoom’s take on this? Well, the researchers say that after they shared their findings in October 2022, PropertyRoom started making sure all mobile devices were wiped of their data before being sold. They did find a few exceptions where external SD cards hadn’t been wiped, but overall it seems like things have improved.
Want to dive deeper into this? Check out the full study by the University of Maryland team here
Leave a Comment