IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Tesco Hudl found to retain data even after factory reset

Tesco Hudl tablets have been linked to a security risk, with potentially sensitive data remaining even after factory reset

Hacker

Sensitive data stored on Android devices such as the Tesco Hudl can still be accessed even if a user has carried out a factory reset, an investigation by the BBC has found.

Three separate tests on various Android tablets concluded that data is not necessarily removed even after users have chosen the factory reset option, with some tests resulting in just the list of locations being deleted and nothing else. A secure wipe removes the index as well as onboard memory, preventing it from being recovered by anyone else.

based devices were purchased from selling site eBay as part of the investigation. Security expert Ken Munro, who worked with the BBC to test the results for themselves, found the Tesco Hudl tablet to be particularly vulnerable to attacks.

He said: "There's a flaw in the firmware, which allows you to read from it as well as write."

The flaw leaves potentially sensitive information on devices, which can then be passed on to others when the device is lost, stolen or sold.

During the experiments, Munro could read and analyse data as well as extracting PIN codes, Wi-Fi keys, cookies and other browsing data. This meant that he could sign in to websites, accessing private information relating to the tablet's original owner.

Sven Boddington, vice president of global marketing and client solutions at Teleplan, added: "To say its worrying to find tablet devices are being sold with data still on them is an understatement.

"As consumers, we are becoming increasingly reliant on our mobile devices, from basic communications, social media, to mobile banking and payment transactions, and therefore the data they carry is more and more sensitive."

It is expected that new Android releases will feature automatically enabled encryption, rather than as an option as it is now.

A spokesperson for Tesco responded to the worrisome findings, saying: "Customers should always ensure all personal information is removed prior to giving away or selling any mobile device. To guarantee this, customers should use a data wipe program.

"If you sell or dispose of your device, we recommend you enable encryption on your device and apply a factory reset beforehand."

The spokesperson also assured customers that, if they return the tablets to Tesco, all data will be securely wiped from them.

"Businesses that process mobile devices such as smartphone and tablets for use as second hand products have a responsibility to the sellers, and buyers of these devices to ensure that the proper security procedures are applied so that personal data is thoroughly and permanently destroyed," Boddington added.

Tesco came under scrutiny earlier this year when the personal details including email addresses and passwords of 2,239 Tesco Clubcard users were leaked and published on Pastebin.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022