Tesco Hudl found to retain data even after factory reset

Tesco Hudl tablets have been linked to a security risk, with potentially sensitive data remaining even after factory reset

Hacker

Sensitive data stored on Android devices such as the Tesco Hudl can still be accessed even if a user has carried out a factory reset, an investigation by the BBC has found.

Three separate tests on various Android tablets concluded that data is not necessarily removed even after users have chosen the factory reset option, with some tests resulting in just the list of locations being deleted and nothing else. A secure wipe removes the index as well as onboard memory, preventing it from being recovered by anyone else.

based devices were purchased from selling site eBay as part of the investigation. Security expert Ken Munro, who worked with the BBC to test the results for themselves, found the Tesco Hudl tablet to be particularly vulnerable to attacks.

He said: "There's a flaw in the firmware, which allows you to read from it as well as write."

The flaw leaves potentially sensitive information on devices, which can then be passed on to others when the device is lost, stolen or sold.

During the experiments, Munro could read and analyse data as well as extracting PIN codes, Wi-Fi keys, cookies and other browsing data. This meant that he could sign in to websites, accessing private information relating to the tablet's original owner.

Sven Boddington, vice president of global marketing and client solutions at Teleplan, added: "To say its worrying to find tablet devices are being sold with data still on them is an understatement.

"As consumers, we are becoming increasingly reliant on our mobile devices, from basic communications, social media, to mobile banking and payment transactions, and therefore the data they carry is more and more sensitive."

It is expected that new Android releases will feature automatically enabled encryption, rather than as an option as it is now.

A spokesperson for Tesco responded to the worrisome findings, saying: "Customers should always ensure all personal information is removed prior to giving away or selling any mobile device. To guarantee this, customers should use a data wipe program.

"If you sell or dispose of your device, we recommend you enable encryption on your device and apply a factory reset beforehand."

The spokesperson also assured customers that, if they return the tablets to Tesco, all data will be securely wiped from them.

"Businesses that process mobile devices such as smartphone and tablets for use as second hand products have a responsibility to the sellers, and buyers of these devices to ensure that the proper security procedures are applied so that personal data is thoroughly and permanently destroyed," Boddington added.

Tesco came under scrutiny earlier this year when the personal details including email addresses and passwords of 2,239 Tesco Clubcard users were leaked and published on Pastebin.

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

Hackers demand ransom from therapy patients after clinic data breach
Security

Hackers demand ransom from therapy patients after clinic data breach

27 Oct 2020
Amazon sacks employee over data breach
Security

Amazon sacks employee over data breach

27 Oct 2020
Zoom starts rolling out end-to-end encryption for all users
Security

Zoom starts rolling out end-to-end encryption for all users

27 Oct 2020
Insider data breaches set to increase due to remote work shift
data breaches

Insider data breaches set to increase due to remote work shift

26 Oct 2020

Most Popular

How Liberty navigated a site relaunch during a pandemic
Sponsored

How Liberty navigated a site relaunch during a pandemic

8 Oct 2020
Do smart devices make us less intelligent?
artificial intelligence (AI)

Do smart devices make us less intelligent?

19 Oct 2020
Politicians need to stop talking about technology
Policy & legislation

Politicians need to stop talking about technology

21 Oct 2020