Second hand mobile phones could put personal data at risk

Selling your mobile could leave you open to identity fraud or having bank details stolen if you do not wipe data first, cyber crime experts warn

  • Customers warned of risk posed by buying and selling second-hand handsets
  • National Cyber Security Centre advise consumers to digitally wipe any devices
  • A major risk comes from devices that are no longer eligible for security updates

Anyone looking to sell their old phone on trading sites like eBay after unwrapping a shiny new handset for Christmas may want to think again.

The government’s cyber security body has warned potential sellers – and buyers – of old smartphones that their bank details and other personal information could be at risk.

In new advice published by the National Cyber Security Centre (NCSC), people are told make sure their device is digitally wiped all personal data to avoid it being recovered by criminals.

A previous study by researchers at the University of East London was able to obtain data including passport photos and text from sellers who believed they had ‘cleaned’ their devices before listing them on marketplace Gumtree. 

The government’s cyber security body has warned potential sellers – and buyers – of old smartphones that their bank details and other personal information could be at risk (stock photo)

Platforms such as Ebay and Facebook Marketplace also allow users to sell second-hand devices, and provide varying pieces of guidance for data protection.

Sarah Lyons, NCSC Deputy Director for Economy and Society, said: ‘At this time of year many of us take advantage of the pre-owned tech market, either to grab a bargain or cash in on a device we no longer need.

‘We want consumers to make the most of this market, but we also want them to be aware of the risks around security and personal data and what they can do to protect themselves.

‘As people look towards the post-Christmas sales we would encourage them to follow the steps in our ‘Buying and Selling Second-hand Devices’ to help them stay secure and shop with confidence.’

The guidance also advises people looking for second-hand devices online to make sure the phone, tablet or computer is still eligible for security updates from the manufacturer.

In new advice published by the National Cyber Security Centre (NCSC), people are told make sure their device is digitally wiped all personal data to avoid it being recovered by criminals

In new advice published by the National Cyber Security Centre (NCSC), people are told make sure their device is digitally wiped all personal data to avoid it being recovered by criminals

Devices that can no longer receive updates are vulnerable to new security threats and viruses, which could result in data loss and theft. With the iPhone, versions older than the iPhone 6 are no longer able to make updates.

New security features like facial or fingerprint recognition give a higher level of safety to consumers.  

Earlier this year, consumer advice group Which? warned that a large number of device no longer supported by the manufacturer were being bought and sold online.

Kate Bevan, Which? Computing editor, said: ‘Keeping mobile phones in circulation for longer is better for the environment but it shouldn’t come at the cost of customer security.

‘Unless manufacturers become more transparent, and those offering vital updates for only a couple of years do better, there is a risk that second-hand phones will be vulnerable to hackers or end up dumped in a landfill site.

‘If your mobile phone is no longer receiving security updates you should consider upgrading as soon as possible. While you continue to use an out-of-support device, you must take steps to mitigate the risks – including using mobile antivirus software, managing app permissions and only downloading from official stores.’