The security of devices running the Android operating system has been called into question after three separate investigations have shown it is possible to access sensitive data from many second-hand handsets.
And, according to a report by the BBC, Tesco’s Hudl tablet was one of the worst offenders as it has a flaw that lets attackers get at data saved to onboard memory.
All the investigations used second-hand devices sold via auction sites such as eBay.
The BBC worked with security expert Ken Munro from security firm Pen Test Partners to purchase second-hand devices sold on online auction sites – including 10 Hudl tablets – to see how easy it was to recover information from them.
Using a freely available software tool, Munro was able to easily read data from Hudl tablets to which the factory reset facility had been applied. “There’s a flaw in the firmware, which allows you to read from it as well as write,” he explained.
Munro was able to extract Pin codes to unlock devices as well as wi-fi keys, cookies and other browsing data that could be used to sign in to a website and masquerade as the tablet’s original owner.
In response, a Tesco spokesman told the BBC: “Customers should always ensure all personal information is removed prior to giving away or selling any mobile device. To guarantee this, customers should use a data wipe program.”
The spokesman added that any tablets returned to Tesco would have all personal data wiped. He also recommended that people get further information about how to remove personal data from smartphones via the government’s Get Safe Online website.
Tesco sold 500,000 Hudl devices in the seven months following its launch last September.
Related stories
Tesco bids to woo techno geeks
Tesco plans own brand smartphone
Hudl sales surge gives Tesco boost
Tesco struggles with Hudl demand
Hudl ‘will build Tesco customer links’
Tesco tablet to boost data strategy
Hudl flaw exposed by data probe http://t.co/dUDIewdlWf #digitalmarketing #directmarketing #advertising