Tesco Hudl found to retain data even after factory reset

Tesco Hudl tablets have been linked to a security risk, with potentially sensitive data remaining even after factory reset

Hacker

Sensitive data stored on Android devices such as the Tesco Hudl can still be accessed even if a user has carried out a factory reset, an investigation by the BBC has found.

Three separate tests on various Android tablets concluded that data is not necessarily removed even after users have chosen the factory reset option, with some tests resulting in just the list of locations being deleted and nothing else. A secure wipe removes the index as well as onboard memory, preventing it from being recovered by anyone else.

Advertisement - Article continues below

based devices were purchased from selling site eBay as part of the investigation. Security expert Ken Munro, who worked with the BBC to test the results for themselves, found the Tesco Hudl tablet to be particularly vulnerable to attacks.

He said: "There's a flaw in the firmware, which allows you to read from it as well as write."

The flaw leaves potentially sensitive information on devices, which can then be passed on to others when the device is lost, stolen or sold.

During the experiments, Munro could read and analyse data as well as extracting PIN codes, Wi-Fi keys, cookies and other browsing data. This meant that he could sign in to websites, accessing private information relating to the tablet's original owner.

Advertisement
Advertisement - Article continues below

Sven Boddington, vice president of global marketing and client solutions at Teleplan, added: "To say its worrying to find tablet devices are being sold with data still on them is an understatement.

Advertisement - Article continues below

"As consumers, we are becoming increasingly reliant on our mobile devices, from basic communications, social media, to mobile banking and payment transactions, and therefore the data they carry is more and more sensitive."

It is expected that new Android releases will feature automatically enabled encryption, rather than as an option as it is now.

A spokesperson for Tesco responded to the worrisome findings, saying: "Customers should always ensure all personal information is removed prior to giving away or selling any mobile device. To guarantee this, customers should use a data wipe program.

"If you sell or dispose of your device, we recommend you enable encryption on your device and apply a factory reset beforehand."

The spokesperson also assured customers that, if they return the tablets to Tesco, all data will be securely wiped from them.

"Businesses that process mobile devices such as smartphone and tablets for use as second hand products have a responsibility to the sellers, and buyers of these devices to ensure that the proper security procedures are applied so that personal data is thoroughly and permanently destroyed," Boddington added.

Tesco came under scrutiny earlier this year when the personal details including email addresses and passwords of 2,239 Tesco Clubcard users were leaked and published on Pastebin.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
Visit/security/cyber-security/355368/microsoft-builds-ai-to-detect-security-flaws-with-99-accuracy
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Most Popular

Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
Visit/security/cyber-security/355797/microsoft-bans-trend-micros-rootkit-buster-from-windows-10
cyber security

Microsoft bans Trend Micro driver from Windows 10 for "cheating" hardware tests

27 May 2020
Visit/policy-legislation/data-protection/355835/nhs-yet-to-understand-the-risks-of-holding-test-and-trace
data protection

NHS yet to understand risks of holding Test and Trace data for 20 years

29 May 2020