Explosion Of BlackBerry Trading In Nigeria – Data Theft



The number of BlackBerry users is increasing exponentially, especially since the release of the much sexier Bold and the latest touch-screen Storm.

The latest revelation is that used BlackBerries are being traded, not by the value of the phone but by the value of the data contained on the phone!

It just shows most companies still don’t have responsible disposal policies when it comes to releasing old equipment and making sure it’s wiped of data or destroyed.

A TV investigation has revealed that secondhand BlackBerries on Nigerian markets are priced according to the data held on them, not the age or the model of a phone.

Jon Godfrey, director of Sims LifeCycle Services, who is advising on a TV investigation into the trade due to screen later this year, said that BlackBerries sell for between $25 and $65 on Lagos markets. Details of the trade come from an agent in Nigeria unaffiliated to Sims’ technology recycling business.

Godfrey explained that the smart phones offered for sale come from the US, continental Europe and the UK. “It’s unclear as yet whether the phones are either sold, thrown away, lost or stolen,” Godfrey explained.

Other types of smartphone are also of potential interest to data thieves, but it is the trade in BlackBerries that seems to be the most active. Data retrieved from smartphones is traded by crooks in Nigeria.

I’d imagine the phones are older models sold off by lot from companies upgrading to the newer versions of the BlackBerry.

The BlackBerry is a wise choice for data thieves as it’s more likely to be used for business purposes and contain important e-mail information.

Other smart phones would be used more for media and leisure purposes.

BlackBerries include technology to remotely wipe devices and come with built-in encryption. But this encryption is often left switched off because it is considered an inconvenience.

“Business critical data is left on unprotected devices,” Godfrey explained. “Anyone who gets these devices will obtain a snapshot of someone’s life.”

“People need to take residual data issues more seriously and have a policy on how to use and dispose of devices,” he added.

According to a survey by endpoint security firm Credant Technologies, four in five mobile phone users store information on their phones that might easily be used to steal their identities. A survey of 600 commuters at London railway stations revealed that 16 per cent kept their bank account details saved on their mobiles, while 24 per cent also saved their PIN numbers and passwords in the same insecure manner. One in 10 (11 per cent) keep social security and inland revenue details on their phone. Two in five fail to take even basic security precautions, such as password protecting their devices.

It’s scary how many people keep really important stuff on their phones, like their bank PIN numbers, banking passwords, passport numbers, social security info and much more.

And only 3 out of 5 take some basic security precautions like passwording their device; that means the number who actually encrypt their data and secure it properly would be less than 5%.

Source: The Register

Posted in: Cryptography, Hardware Hacking, Privacy



2 Responses to Explosion Of BlackBerry Trading In Nigeria – Data Theft

  1. Alexander Sverdlov May 8, 2009 at 11:41 am #

    I wonder if that warning will ever reach corporate America (or WW?)
    Whatever the purpose of BBs, or HDDs sold to malicious hands, most corporations will never learn. Good thing is at least some (the one I’m working in as an example) prohibit sale of non-wiped devices (wiped as in wiped, not just formatted).

  2. ethicalhack3r May 8, 2009 at 5:07 pm #

    You would think that the people in charge of upgrading the hardware would be trained IT professionals (network engineers) and the people advising them would be security professionals. They must be well aware of the dangers of not wiping storage devices, so then they must be doing it either out of lack of time or plain laziness.