Tesco Hudl and other Android devices contain ‘factory reset’ data retention flaw

By Peter Gothard
18 Aug 2014 View Comments

Tesco's hugely successful Hudl, and other Android devices, have been discovered to contain firmware glitches which prevent data being truly wiped after factory settings resets.

The errors on Hudl were discovered by the BBC, which worked with security experts at Pen Test Partners to try to recover data from 10 factory-wiped Android devices purchased from auction site eBay.

Further reading

The Tesco Hudl's vulnerability was found in its Rockchip SoC processor, from which it is possible to read firmware information as well as write to it.

As a result, usernames and passwords, WiFi keys, device PINs and cookies could all be recovered, effectively allowing new users to imitate old users, and gain access to the same applications and destinations from the device's internet browsing history.

Tesco's response to the discovery was simply to state that "customers should always ensure all personal information is removed prior to giving away or selling any mobile device. To guarantee this, customers should use a data wipe program."

With no particular program specified, Tesco also said it would be happy to safely factory reset any devices sent directly back to the company.

The next version of Android, 5.0 (codenamed L), is expected to enable data encryption by default, as opposed to the current user-controlled setting.

Currently, it seems that a general data wipe, as in a high-level format on any hard drive, will only remove data indexing on most Android devices, and not the data itself. However, accessing the unindexed data would still require the use of special tools and techniques.

Reader comments
blog comments powered by Disqus
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

37 %
27 %
15 %
21 %