Selling your Tesco Hudl? Beware: Processor flaw means private data remains on the device - even after a factory reset


A bug in the processor that powers the popular Tesco Hudl tablet could be leaving private data at risk.

Investigations carried out by security researchers and the BBC discovered that they could retrieve 'deleted' data from second-hand models of the device.

Experts typically advise carrying out a factory reset to remove data from any gadget, but the investigation has revealed this technique may not always work on the supermarket's tablet.

Investigations carried out by security researchers and the BBC discovered that they could retrieve 'deleted' data from second-hand models of Tesco's Hudl tablet (pictured). Using free software, a security expert obtained unlock codes, Wi-Fi and site passwords, and browsing history

The investigations involved second-hand gadgets bought on auction sites, including eBay, and included 10 Hudls.

SECURITY FLAWS IN ANDROID

Earlier this year, researchers from Avast found they were able to pull tens of thousands of photos, emails, text messages and more from used phones being sold on eBay that previous owners thought they had 'wiped' clean.

Aside from 40,000 photos and 250 'compromising' selfies of men, the company was even able to discover the identity of several sellers, and one person's completed loan application.

Only one phone had third-party security software installed, and it actually gave up the most personal information of all.

In response to the findings, Google said: 'This research looks to be based on old devices and versions (pre-Android 3.0) and does not reflect the security protections in Android versions that are used by the vast majority of users.

'If you sell or dispose of your device, we recommend you enable encryption on your device and apply a factory reset beforehand; this has been available on Android for over three years.'

The BBC, with help from Ken Munro, security expert at Pen Test Partners, said the Hudl was vulnerable because of a bug in its Rockchip processor's firmware.

Using free software, Mr Munro discovered that the flaw in the firmware meant he could read data stored on it, as well as write to it.

He uncovered data including unlock codes, Wi-Fi and site passwords and browsing history.

Tesco said that devices returned to the stores have personal data wiped, and advised customers to use data wiping software, as well as carrying out a factory reset, to make sure the information is removed.

Sven Boddington, vice president of global marketing and client solutions at computer firm Teleplan, told MailOnline: 'To say it's worrying to find tablet devices are being sold with data still on them is an understatement.

'This is not the first instance, we're constantly seeing this kind of story in the news.

'It's not good enough to delete the personal data to only a 'basic standard' or worse still, not at all as there is an obligation to comply with data protection laws.'

Experts typically advise carrying out a factory reset (stock image pictured) to remove data from any device, but the BBC investigation has revealed this technique may not always work on the supermarket's gadget. The vulnerability is caused by a bug in the tablet's Rockchip processor's firmware
