Security Flaws of Second-Hand Phones Exposed


Security researchers have published a report exposing security flaws in second-hand phones that can undermine the integrity of the device and give cybercriminals an avenue to take advantage.

The news comes from Which, a popular consumer choice site in the UK, which says that while a second-hand device is a cost-effective means of obtaining a phone, it can also make you vulnerable to hackers.

This is because once a device reaches a certain age, its manufacturer stops releasing vital security updates for it, a gap that hackers and scammers alike can take advantage of.

“We found nearly a third of second-hand mobile phones on some retailer sites may no longer be receiving security updates,” says Which, which conducted a survey. “62% of people think that a mobile phone is broken down for parts when it’s sent to recycling companies. Our investigation reveals that in most cases, these phones are refurbished and resold.”

The authors added that “typically, mobile phones running the Android operating system will receive two years of operating system updates and three years of security updates. Updates issued to Apple iPhones usually package system and security updates together and, on average, you’ll receive these for 5-6 years.”

They go on to list several popular devices that they believe readers will still possess, and say readers should be aware that these devices are no longer receiving software or security updates.

  • Apple iPhone 5
  • Google Pixel XL
  • Huawei P10
  • Samsung Galaxy A8 Plus 
  • Samsung Galaxy S7

The report goes on to state that managing app permissions, avoiding apps from unofficial stores and unverified third parties, and learning how to recognise phishing attacks and scams are three strategies to ensure you’re more resilient to a cyber attack.

“It’s common for apps to ask for permission to access personal data such as your contacts or location. But if an app is requesting seemingly unrelated information, that’s a red flag. A basic calculator app has no reason to read your memory card,” the authors state. 

“It may sound like a great deal to purchase an older and cheaper device, but unfortunately you can’t put a price on security,” explained Jake Moore of ESET cybersecurity.

“Older phones notoriously have a use-by-date when they are no longer supported by security patches,” he told InfoSecurity Magazine. “These devices will often still work as normal on the surface, but threat actors can use older vulnerabilities under the hood to target their victims with ease, so those at risk must be reminded to check which operating system it currently supports before purchasing,” Moore concluded. 

Which, the website responsible for the survey and exploration into the second-hand phone market, says that it has contacted two of the UK’s major retailers after finding that they were selling devices that no longer received security updates.

“When approached with our research, both Music Magpie and SmartFoneStore agreed to do their part by warning people before they buy a mobile phone that isn’t getting updates. Music Magpie also pulled all the affected models from sale,” they add. 
