In Britain, around two-thirds of discarded memory cards were found to contain data left from their previous owners, a study has shown.
Over a four-month period, a cybersecurity team at the University of Hertfordshire acquired one hundred used SD and micro SD memory cards. The cards were procured from a variety of sources, including eBay and second-hand shops. Most were taken out from resold smartphones and tablets.
The research used various ways to extract data from the cards. They did not use any complex methods but instead relied on commonly found extraction and recovery software. The scans uncovered an alarming amount of data, containing what can be deemed as sensitive content: ranging from passport scans to intimate photographs.
The data also included contact lists, navigation files, resumes, browsing history, and identification numbers. This kind of data can expose users to a number of threats, including blackmail and identity theft.
Overall, the researchers found that:
What’s particularly eye-catching in this research is the number of people that are compromising their data as a result of lack of knowledge. Almost a thirds had either deleted or formatted their cards, and it is safe to assume that their intention was to keep their data private and were clearly unaware of the fact that their actions are not enough.
The research, which was commissioned by Comparitech, also points out additional concerns.
Basically, the authors of the study estimate that, as the size of cards and their use increase, the size of the problem will naturally grow too, pointing out that both the amount of data and diversity will increase.
They cite the example of satellite navigation systems (SatNav) data being used to pinpoint a person’s home.
They also mention that as cloud storage becomes cheaper and its use proliferates, it will offer a safer alternative for users.