Spring Cleaning? What to Know When Buying and Selling Used Devices

Share via

Spring is in the air, so I am told as where I live, there are only two seasons – “Snowbirds coming soon”, and “Snowbirds going home soon”.  http://www.examiner.com/article/florida-snowbird-season-means-slow-driving

But, it is the traditional time to clean house, tidy away things you don’t use, and for us geeks, time to dispose of all the redundant technology we’ve accumulated over the last twelve months.

My house is no exception to this, though my wife and I have very different opinions. I still have my first mobile phone – a trusty Nokia 101 from the early 90’s – It still works, well it would if I had a battery for it – but I could put a SIM in it and use it, probably.

That’s my justification for keeping it anyway, along with a crate of old hard disks (ATA, full height 5 ¼ included), motherboards, processors, ram etc – all the things you might just need if the computer museum ever calls, and of course the stack of iPad’s, iPhones and other laptops.

My wife however is the complete opposite, somehow she manages to sell every iOS device she buys a week after the new version is released for 80% of the purchase price. I’ve given up being amazed, but since she only buys the top models, she manages to keep up with the latest Apple widget for a couple of hundred dollars a year.

Me however, well I’ll take my iPhone one to my grave if I can. You never know when it might be needed.

This constant circulation of iPhones into the 2nd hand market does bother me though – all the usual things exist on our phones, personal pictures, contacts, work email, cached passwords to websites, Facebook, LinkedIn, Tripit etc – even banking applications. Things that absolutely you don’t want getting into some strangers hand.

And Phones are the most obvious – people sell and buy PC’s, tablets, Laptops via eBay, Craigslist etc –  In fact I picked up a home server not so long ago used, but in perfect condition with 3TB storage.

Think about how much personal data could be floating around if these devices are not properly sanitized – I wonder what would have happened if I’d run an “unformat” command on that server for example…

Even gaming systems are worrying – Though it was not sold, let’s say someone new “acquired” my PSP a while ago. Other than being extremely peeved and bored on a couple of long flights, I didn’t think too much more about it, until that unnamed person realized that my Sony Network password was cached on the device, and through that, they were able to buy games using my credit card.

How many teenagers think to erase a handheld electronic game before trading it? Not many I expect.

So all this technology, valuable technology even has a huge data protection problem, and this means we need to think before we spring clean our personal IT.

One : Selling your old IT to someone

My wife funds her Apple habit by selling on her old devices, and looking at eBay/Craigslist, there are a lot of companies and individuals doing exactly the same. You have to be aware though that you may be unlucky and sell that device to someone who has nothing better to do than see how much of your personal data they can recover from it.

So, be safe and clean up before you let it out of your sight – I added some links and instructions to this blog how to erase some common device types. One thing I want to point out in particular though is deleting files and formatting hard disks and usb sticks is NOT ENOUGH.

There are a hundred easy ways to recover deleted files and formatted media – trust me. When we look at used PCs here in McAfee we routinely find files simply in the recycle bins – but, even if you format your hard disk – there are easy to use tools to recover the files from it.

To make sure no one gets your data, you need to think about “erasing data”, not deleting it – the tools I mention below will make the data impossible to recover, even for a specialist company.

Tip – Every electronic device you intend to hand over to an untrusted, unknown person, needs to be completely and irrecoverably erased before you give it to them

Two: Buying used IT from someone

If I worked for a startup, I’d buy all my IT on eBay – today I see 2 year old NAS storage devices for $999 – they would have cost $20,000 new. There’s everything a geek could want available for cents on the dollar – you could put together a datacenter in your home for a few thousand dollars, or replace that  clunky Netgear switch with a shiny 1Gb HP Procurve for $30. But, with the amount of malware in existence, would you really be prepared to trust that used server, that 2nd hand PC the previous owner who “Erased and reinstalled windows for you”?

What about the situation that you buy a used smartphone/PC, and then some weeks later the previous owner asks you if they can have it back because they left something important on it, or worse, accuses you of posting their confidential information online? To be safe – take action yourself first.

Tip – If you buy used equipment, erase it yourself before you start using it so you know it’s clean and not contaminated.

Three – Handing your device over to someone you don’t know

In the case of temporarily giving up your devices to people who you would expect to be trustworthy – say you need some repairs done, or new hardware installed on your pc, there are examples of people who’ve sent their computer for repair, and it’s come back infected with spyware, even recent news stories http://www.bbc.co.uk/news/uk-wales-mid-wales-26927322  http://www.wmctv.com/story/24064927/the-investigators-photo-shopping of phone repair engineers who downloaded pictures of customers phones, and in one case, sent them back with inappropriate messages.

Tip – If you’re leaving your phone or computer for repair and it will be out of your sight, if at all possible back up and erase all personal data beforehand

Four – Throwing old IT away

Not all of us want to go through the hassle of selling things to a stranger – but that does not mean you should just throw your old electronics away. There are too many examples of data recovery by “dumpster divers” – even large companies suffer from this problem.

Tip – If you’re throwing phones, hard disks,  usb sticks, DVDs etc away – erase or destroy them first

Five – Recycle your old IT

Finally, even if you’re not willing to take the risk of selling your IT, and not willing to just throw it in the trash – think about donating it, or recycling– companies such as http://www.nextworth.com/ will even buy it from you.

But the risk here is the same as sending your IT off to a stranger. There’s no guarantee the recycler is going to erase it before selling or donating it on. Take action yourself first.

Tip –  If you’re sending your device off to a recycler, remember to erase it first

Device specific Tips

I’ve tried below to compile a list of the common platforms and how to reset them – it’s always worth though checking your specific device details on the manufacturers help site before relying on any of these.

Apple IOS Devices – Amongst the easiest and most foolproof – IOS has a built in secure erase. Apple has information in their support site http://support.apple.com/kb/ht2110

Apple Mac Laptops – Depends on the OS, but there is usually a robust erase process, for example again from Apples support site http://support.apple.com/kb/ph4439 for Lion, http://support.apple.com/kb/HT3910?viewlocale=en_US for Snow Leopard, http://support.apple.com/kb/PH14243 for Maveriks etc

Android Devices – Not as uniform as IOS, but most versions of Android has an erase function either in “Backup and Reset (factory reset)” , “Storage”, or “Settings/Privacy” – check your device manufacturer website for information.

Blackberry – See the Blackberry.com site for your specific mode – for example http://docs.blackberry.com/en/smartphone_users/deliverables/18596/Delete_all_device_data_6.0_1186102_11.jsp

Windows Phone – Microsoft maintain instructions on their site for specific versions and models – for example http://www.windowsphone.com/en-us/how-to/wp8/basics/reset-my-phone

Windows PCs – Often the hardest systems to completely wipe – Microsoft offers some advice regarding erasing your hard disk on their site – http://www.microsoft.com/security/online-privacy/safely-dispose-computers-and-devices.aspx. Personally I am a great fan of DBAN http://www.dban.org/

XBOX360 – Format the hard disk following Microsofts instructions – http://support.xbox.com/en-us/xbox-360/accessories/storage

Playstation 3 – Erase personal data and format the drive following Sony’s instructions – https://support.us.playstation.com/app/answers/detail/a_id/1212/~/remove-personal-info-from-a-ps3

Kindle 2 – Home / Menu / Settings / “reset to factory”

Kindle Fire – Small cog icon, More, Device, “Reset to Factory Defaults”

Nook – Settings / Device / Unregister your Nook, then “Reset to Factory Settings”

USB Sticks, SD Cards etc – Gizmodo have a great article on erasing all kinds of media – http://gizmodo.com/5489933/leave-no-trace-how-to-completely-erase-your-hard-drives-ssds-and-thumb-drives


Simon Hunt is the VP and CTO for Endpoint Security at McAfee

Twitter: https://twitter.com/CTOGoneWild