#1 Trending Cyber Security News & Magazine
Saturday, June 3, 2023
No Result
View All Result
The Cyber Express
  • MagazineDownload
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacking News
    • Ransomware News
    • Vulnerabilities
    DPRK’s Social Engineering Campaign Targets Think Tanks, Academia, and Media

    DPRK’s Social Engineering Campaign Targets Think Tanks, Academia, and Media

    Billtrust Appoints Ankur Ahuja

    Billtrust Appoints Ankur Ahuja as SVP and Chief Information Security Officer

    NoEscape Ransomware-as-a-Service (RaaS)

    NoEscape Ransomware-as-a-Service (RaaS): Triple-Extortion Affiliate Program Unveiled

    SharpPanda APT Targets High-Level Government Officials From G20 Nations

    SharpPanda APT Targets High-Level Government Officials From G20 Nations

    YKK Ransomware Attack

    LockBit Claims to Hit Global Zipper Giant YKK, Sets 14-Day Deadline

    SmokeLoader Malware

    SmokeLoader Malware Adopts New Tactics, Raises Serious Security Concerns

    Camaro Dragon

    Camaro Dragon Expands Cyber Espionage Operations with TinyNote Backdoor

    Vulnerability In MOVEit Transfer

    Vulnerability in MOVEit Transfer Exploited in the Wild

    Google Workspace security

    A Google Workspace Security Issue Can Allow Data Exfiltration Without Any Logs

    Trending Tags

    • blackbyte ransomware
    • Ransomware
    • lapsus$ ransomware
    • Apple
    • Apple vulnerability
  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    Martin Sloan, Five Years Of GDPR

    Five Years of GDPR: There is a Long Way to Run on Cross-Border Data Transfers

    Nokoyawa Ransomware Group

    All You Need to Know About The Nokoyawa Ransomware Group

    StopRansomware Guide

    Updated StopRansomware Guide Warns of Ransomware’s Shape Shifting Tactics

    Microsoft Entra

    Microsoft Build 2023: Microsoft Entra Introduced With New Identity and Access Features

    Data Protection Commission

    Irish Data Protection Commission imposes $1.3bn Fine on Meta

    US Police Auction Seized Cell Phones Without Wiping Data, Sparks Privacy Concerns

    US Police Auction Seized Cell Phones Without Wiping Data, Sparks Privacy Concerns

    disclosing cybersecurity incidents

    Why Victims Fail to Disclose Cybersecurity Incidents, And Why They Should

    Stakeholder Communication During Crisis

    Stakeholder Communication During Crisis: How to Get It Right

    Government Regulation of AI businesses

    Government Regulation of AI businesses: UK Competition Watchdog Launches Review

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • All
    • Appointments
    • Budgets
    • Mergers & Aquisitions
    • Partnerships
    • Press Release
    • Startups
    Billtrust Appoints Ankur Ahuja

    Billtrust Appoints Ankur Ahuja as SVP and Chief Information Security Officer

    Cybertech Africa

    Cybertech Africa: The Pan-African Event for Innovation and Networking

    IBM Acquired Polar Security

    IBM Acquires Polar Security Reportedly For $60 Million

    World CyberCon Middle East 2023

    World CyberCon Middle East 2023: The Premier Cybersecurity Conference in the Region

    ODIN by Cyble

    Cyble Launches ODIN: A Revolutionary Tool for Unparalleled Internet Exploration

    cybersecurity investments

    Cybersecurity Investments Up in April, Market Watchers Predict Growth of Over $700 billion

    OilRig APT

    Experts Warn of Increased IT Supply Chain Attacks by OilRig APT in Middle East

    World Password Day 2023

    World Password Day 2023: Protect Your Password, Create an Unbreakable One

    national cybersecurity strategy

    US National Cybersecurity Strategy: Businesses, Let’s Start with Disclosure!

    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • EventsCyberCon
    • World CyberCon Middle East 2023
    •  Cyber Security Webinar
    • Endorsed Events
  • ProductsTools
    • Cyble Vision
    • Cyble Hawk (LEA, Govt.)
    • Am I Breached
    • Cyble Odin (Beta)
SUBSCRIBE
  • MagazineDownload
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacking News
    • Ransomware News
    • Vulnerabilities
    DPRK’s Social Engineering Campaign Targets Think Tanks, Academia, and Media

    DPRK’s Social Engineering Campaign Targets Think Tanks, Academia, and Media

    Billtrust Appoints Ankur Ahuja

    Billtrust Appoints Ankur Ahuja as SVP and Chief Information Security Officer

    NoEscape Ransomware-as-a-Service (RaaS)

    NoEscape Ransomware-as-a-Service (RaaS): Triple-Extortion Affiliate Program Unveiled

    SharpPanda APT Targets High-Level Government Officials From G20 Nations

    SharpPanda APT Targets High-Level Government Officials From G20 Nations

    YKK Ransomware Attack

    LockBit Claims to Hit Global Zipper Giant YKK, Sets 14-Day Deadline

    SmokeLoader Malware

    SmokeLoader Malware Adopts New Tactics, Raises Serious Security Concerns

    Camaro Dragon

    Camaro Dragon Expands Cyber Espionage Operations with TinyNote Backdoor

    Vulnerability In MOVEit Transfer

    Vulnerability in MOVEit Transfer Exploited in the Wild

    Google Workspace security

    A Google Workspace Security Issue Can Allow Data Exfiltration Without Any Logs

    Trending Tags

    • blackbyte ransomware
    • Ransomware
    • lapsus$ ransomware
    • Apple
    • Apple vulnerability
  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    Martin Sloan, Five Years Of GDPR

    Five Years of GDPR: There is a Long Way to Run on Cross-Border Data Transfers

    Nokoyawa Ransomware Group

    All You Need to Know About The Nokoyawa Ransomware Group

    StopRansomware Guide

    Updated StopRansomware Guide Warns of Ransomware’s Shape Shifting Tactics

    Microsoft Entra

    Microsoft Build 2023: Microsoft Entra Introduced With New Identity and Access Features

    Data Protection Commission

    Irish Data Protection Commission imposes $1.3bn Fine on Meta

    US Police Auction Seized Cell Phones Without Wiping Data, Sparks Privacy Concerns

    US Police Auction Seized Cell Phones Without Wiping Data, Sparks Privacy Concerns

    disclosing cybersecurity incidents

    Why Victims Fail to Disclose Cybersecurity Incidents, And Why They Should

    Stakeholder Communication During Crisis

    Stakeholder Communication During Crisis: How to Get It Right

    Government Regulation of AI businesses

    Government Regulation of AI businesses: UK Competition Watchdog Launches Review

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • All
    • Appointments
    • Budgets
    • Mergers & Aquisitions
    • Partnerships
    • Press Release
    • Startups
    Billtrust Appoints Ankur Ahuja

    Billtrust Appoints Ankur Ahuja as SVP and Chief Information Security Officer

    Cybertech Africa

    Cybertech Africa: The Pan-African Event for Innovation and Networking

    IBM Acquired Polar Security

    IBM Acquires Polar Security Reportedly For $60 Million

    World CyberCon Middle East 2023

    World CyberCon Middle East 2023: The Premier Cybersecurity Conference in the Region

    ODIN by Cyble

    Cyble Launches ODIN: A Revolutionary Tool for Unparalleled Internet Exploration

    cybersecurity investments

    Cybersecurity Investments Up in April, Market Watchers Predict Growth of Over $700 billion

    OilRig APT

    Experts Warn of Increased IT Supply Chain Attacks by OilRig APT in Middle East

    World Password Day 2023

    World Password Day 2023: Protect Your Password, Create an Unbreakable One

    national cybersecurity strategy

    US National Cybersecurity Strategy: Businesses, Let’s Start with Disclosure!

    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • EventsCyberCon
    • World CyberCon Middle East 2023
    •  Cyber Security Webinar
    • Endorsed Events
  • ProductsTools
    • Cyble Vision
    • Cyble Hawk (LEA, Govt.)
    • Am I Breached
    • Cyble Odin (Beta)
No Result
View All Result
The Cyber Express
No Result
View All Result
Home Cyber Essentials

US Police Auction Seized Cell Phones Without Wiping Data, Sparks Privacy Concerns

Cell phones confiscated by police and subsequently auctioned off have become a source of re-victimization for unsuspecting buyers

Vishwa Pandagle by Vishwa Pandagle
May 17, 2023
in Cyber Essentials, Firewall Daily
0
US Police Auction Seized Cell Phones Without Wiping Data, Sparks Privacy Concerns
599
SHARES
3.3k
VIEWS
Share on LinkedInShare on Twitter

US police auction seized cell phones without wiping data stored in them, found researchers at the University of Maryland. Police in the US have been auctioning off mobile phones seized during arrests, with all their data intact.

This is a common practice of selling off items in the custody of the police that remained unclaimed over a period of time, found University of Maryland researchers Dave Levin (Assistant Professor), Raley Roberts (Ph.D. student), Julio Poveda (Ph.D. student), and Richard Roberts (Ph.D. student)

You might also like

DPRK’s Social Engineering Campaign Targets Think Tanks, Academia, and Media

Billtrust Appoints Ankur Ahuja as SVP and Chief Information Security Officer

NoEscape Ransomware-as-a-Service (RaaS): Triple-Extortion Affiliate Program Unveiled

Sellers of seized and used phones from police auctions on various avenues, including PropertyRoom, eBay, and others, took no responsibility for the storage status of the devices they sold.

US police auction seized cell phones without wiping data: Implications

US police selling phones on online markets is a common practice. The members of the Electronic Frontier Foundation and their lawyers discussed the rightful owner of the used phones from police auctions and made the following statements:

  • After a specific time, the ownership of seized, stolen, or lost and found items is passed on to the state or local government.
  • Items sold during police auctions leave the ownership of the items to the purchaser despite the item being stolen. However, the research read, “..Normally, purchasing stolen property does not transfer ownership rights-even if the buyer did not know it was stolen.” This technically nullifies the credibility of the trade and puts the buyer at risk of knowingly or unknowingly misusing the found data on the used phones from police auctions.
  • Moreover, “(The) ownership of the data ends within the confines of the phone. The Computer Fraud and Abuse Act (CFAA) still prohibits the new purchaser from accessing a remote service that they are not authorized to—and merely possessing cookies
    or passwords does not confer authorization,” the study read.
  • Finally, the law says that material pertaining to Child Sexual Abuse Material (CSAM) must be immediately reported to law enforcement.

This puts a question mark on why the police would not make sure to wipe the phones off of such material in the first place before putting them up for auction.

Added to that, individuals in possession of used phones from police auctions are expected to log out of bank apps if they find themselves accessing it on the found or bought device.

In order to reduce the workload on the legal authorities or the police, staff can be hired to look after seized phones in order to curtail threat to data and the buyers.

PropertyRoom and police auction of seized cell phones

police auction seized cell phones without wiping data
screenshot of police-seized phones listed on propertyroom

Upon finding that a colleague purchased a used phone from PropertyRoom.com that had data from the previous user still on the device, the researchers from the University of Maryland took to investigating the case.

“We started purchasing phones from PropertyRoom, and at the same time started engaging with our university’s ethics board, division of IT, and even legal counsel to discuss how to run this study ethically and legally,” researcher Dave Levin told The Cyber Express.

“Ultimately, we came up with some guidelines to protect the owners of the data as well as the researchers themselves, and we performed our study.”

They purchased a total of 228 phones from PropertyRoom, a seller that partners with over 4,300 police departments in the US. To their surprise, they found that out of the 228 devices, 49 phones had no locks and 61 were accessible with user data still on them.

US Police Auction Seized Cell Phones Without Wiping Data, Sparks Privacy Concerns
Status of the phones purchased by the researchers (Photo: University of Maryland study)

The researchers contacted PropertyRoom and discussed the findings with them. After giving them three months to investigate the issue, the researchers found that the company stopped selling cell phones for nearly a month.

When they got back to business, the phones were found to be reset to their factory settings. However, the researchers noticed another issue.

“We disclosed our results to PropertyRoom back in October — more than 6 months before going public with our results — so as to give them time to address the problem. When they started selling them again, we purchased all of the phones for about a week and analyzed those, as well,” Levin said.

“We found that PropertyRoom had started wiping their phones, but they were not wiping the SD cards. We also disclosed our results to many police groups, as described in our paper.”

Police auction seized cell phones without wiping data: Buyers at risk

The law is clear about maintaining the privacy of data found on any device regardless of who owns the device failing which, they bring legal implications onto them.

It won’t take long for cybersecurity agents or legal authorities to trace the IP address of buyers of used phones from police auctions if suspicious activities are found.

One of the noteworthy phones acquired through the auction had a peculiar addition: a sticky note affixed to it containing the device’s PIN and the phrase “Gry Keyed.”

This reference is believed to be connected to the widely used Graykey software employed by law enforcement agencies to forcefully obtain a mobile device’s PIN.

Further, the researchers found the credit files of eight people on a device, putting the financial details of individuals who previously accessed the phones at risk. Another phone had screenshots of 11 stolen credit cards. Yet another device had a Telegram group chat history with tutorials on how to run identity theft scams.

Such instances of buying and selling phones with data in the internal or external SD storage is akin to a data breach or a hack that exposes sensitive data.

The market for stolen, confiscated, lost phones

Police Auction Seized Cell Phones Without Wiping Data
Image courtesy: Custom Markets Insight

The global market for refurbished and used mobile phones is expected to grow at a compound annual growth rate of 11.45% from 2022 to 2030. This means it can move from $52.34 billion in 2021 to $64.10 billion in 2022.

Several estimates list the US as the fastest growing market for refurbished and used mobile phones. A refurbished phone goes through a process of quality check however, used phones can be dead at the time of selling.

US Police Auction Seized Cell Phones Without Wiping Data, Sparks Privacy Concerns
(Photo: Custom Market Insights)

Some of the key players who champion the market of refurbished and used phones are Apple Inc., Amazon, Samsung, Version Communications, and Cashify.

Besides these, Walmart, eBay, Paytm, Huawei, Yaantra, and AT&T Inc. are close contenders. Seeing the brands of phones while making a purchase is not enough to escape falling into legal complications.

The onus lies with the end-users to make sure that they erase all the data from the used phones before starting to use them.

They can also verify with the local police if they feel something amiss with their new purchase if the sellers have not done their part.

“The lack of raw materials like semiconductors in the U.S. during the pandemic, owing to the closure of international borders, to contain the spread of the COVID-19 virus had negatively impacted the supply chains and hampered the export and imports of essential raw materials and smartphones across the globe.

“This created a new opportunity for the vendors operating in the U.S. refurbished and used mobile phones market,” a Custom Market Insights report read.

Although the increased demand of used phones gave a boost to the US market, and others across the globe, the revenue generated from new products fell impacting the market negatively.

Share this:

  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • More
  • Click to email a link to a friend (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)

Related

Tags: illegal used phonesselling for police auctionThe Cyber ExpressThe Cyber Express NewsUniversity of Marylandused phones on PropertyRoom
Previous Post

IBM Acquires Polar Security Reportedly For $60 Million

Next Post

Cisco Routers Exploited! Jaguar Tooth Malware Unleashed Through SNMP Vulnerability

Vishwa Pandagle

Vishwa Pandagle

Vishwa Pandagle is a Technical Writer at The Cyber Express. She writes cybersecurity news related to data breaches, ransomware, phishing, and best practices among others. She also writes about cybersecurity developments and likes interacting with experts in this field. When not working, she likes self-reflecting, meditating, volunteering, and going for long walks.

Related Posts

DPRK’s Social Engineering Campaign Targets Think Tanks, Academia, and Media
Espionage

DPRK’s Social Engineering Campaign Targets Think Tanks, Academia, and Media

by Editorial
June 3, 2023
Billtrust Appoints Ankur Ahuja
Appointments

Billtrust Appoints Ankur Ahuja as SVP and Chief Information Security Officer

by Editorial
June 3, 2023
NoEscape Ransomware-as-a-Service (RaaS)
Dark Web News

NoEscape Ransomware-as-a-Service (RaaS): Triple-Extortion Affiliate Program Unveiled

by Editorial
June 3, 2023
SharpPanda APT Targets High-Level Government Officials From G20 Nations
Firewall Daily

SharpPanda APT Targets High-Level Government Officials From G20 Nations

by Chandu Gopalakrishnan
June 2, 2023
YKK Ransomware Attack
Firewall Daily

LockBit Claims to Hit Global Zipper Giant YKK, Sets 14-Day Deadline

by Editorial
June 2, 2023
Next Post
Jaguar Tooth Malware, SNMP Vulnerability

Cisco Routers Exploited! Jaguar Tooth Malware Unleashed Through SNMP Vulnerability

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Issue is Out. Subscribe Now

Cyber express

CRIL


Follow Us On Google News

Never miss an update. Subscribe!

* indicates required

mailchimp

Latest Cyber News

DPRK’s Social Engineering Campaign Targets Think Tanks, Academia, and Media
Espionage

DPRK’s Social Engineering Campaign Targets Think Tanks, Academia, and Media

June 3, 2023
Billtrust Appoints Ankur Ahuja
Appointments

Billtrust Appoints Ankur Ahuja as SVP and Chief Information Security Officer

June 3, 2023
NoEscape Ransomware-as-a-Service (RaaS)
Dark Web News

NoEscape Ransomware-as-a-Service (RaaS): Triple-Extortion Affiliate Program Unveiled

June 3, 2023
SharpPanda APT Targets High-Level Government Officials From G20 Nations
Firewall Daily

SharpPanda APT Targets High-Level Government Officials From G20 Nations

June 2, 2023

Categories

Web Stories

Top 10 CISOs to Follow in 2023
Top 10 CISOs to Follow in 2023
Top 10 Ransomware Gangs in 2023
Top 10 Ransomware Gangs in 2023
Top 5 IoT Security Risks in 2023
Top 5 IoT Security Risks in 2023
Top 10 CTF Platforms in 2023
Top 10 CTF Platforms in 2023
Types of Risks Covered by Cyber Insurance
Types of Risks Covered by Cyber Insurance

About

The Cyber Express by Cyble

#1 Trending Cyber Security News and Magazine

The Cyber Express  by Cyble is a handbook for all stakeholders of the internet that provides information security professionals with the latest news, updates and knowledge they need to combat cyber threats.

 

Contact

For editorial queries: [email protected]

For marketing and Sales: [email protected]

For Events & Conferences related information: [email protected]

 

Quick Links

  • About Us
  • Advertise With Us
  • Contact Us
  • Editorial Calendar

Our Address

We’re remote friendly, with office locations around the world:

San Francisco, Atlanta, Rome,
Dubai, Mumbai, Bangalore, Hyderabad,  Singapore, Jakarta, Sydney, and Melbourne

 

Headquarters:

The Cyber Express LLC
555 North Point Center E
Alpharetta, GA 30022, USA.

 

India Office:

Cyber Express Media Network
HD-021, 4th Floor, C Wing, Building No.4. Nesco IT Park, WE Highway, Goregaon East, Mumbai, Maharashtra, India – 4000063

Subscribe to Our Feed

RSS Feeds

Follow Us On Google News
  • Privacy Statement
  • Terms of Use
  • Write For Us

© 2022 The Cyber Express (Cyber Security News and Magazine) | By Cyble Inc.

No Result
View All Result
  • Magazine
  • Firewall Daily
  • Essentials
    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • World CyberCon Middle East 2023
    •  Cyber Security Webinar
    • Endorsed Events
  • Products
    • Cyble Vision
    • Cyble Hawk (LEA, Govt.)
    • Am I Breached
    • Cyble Odin (Beta)

© 2022 The Cyber Express (Cyber Security News and Magazine) | By Cyble Inc.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.
Top 10 CISOs to Follow in 2023 Top 10 Ransomware Gangs in 2023 Top 5 IoT Security Risks in 2023 Top 10 CTF Platforms in 2023 Types of Risks Covered by Cyber Insurance