People who sell their old Android smartphones are at risk of blackmail because private intimate photos are not being correctly wiped before sale.
Hundreds of naked selfies and intimate pictures were found on a batch of 20 Android phones bought through
A factory reset function appears on the smartphones, but standard forensic security tools can retrieve deleted information from older devices.
The researchers said they found more than 40,000 photos, including 750 photos of women "in various stages of undress" and 250 photos of male anatomy.
Details of the person's residence could also be traced using EXIF data embedded in the image file.
Four of the phones tested included the previous owners' identity in the file data.
One Reddit user said he had been contacted by someone who bought his phone, saying they had extracted "embarrassing" images from the device.
The factory reset function on older Android devices wipes the index that points to the locations where data is written, but forensic tools can still directly access storage areas.
That is because phones running Android 3.0 onwards offer a setting to encrypt the phone using a cryptographic key generated from a user's passcode.
A reset will then delete the key, rendering the data unreadable.
Newer Apple iPhones and iPads encrypt data by default using a software key which renders all data unreadable after a reset.
Most Popular Stories
- Doctor Who Christmas Episode Begins Production
- HCL America Adding 1,200 IT Jobs
- Medical Mfg. Jobs Coming to Dayton
- Michael Jackson, Freddie Mercury on Previously Unreleased Queen Cut
- Longtime Unemployed to Get Help in Las Vegas
- SpaceX Aims for Predawn Launch on Saturday
- Women Key to Democratic Party: Clinton
- U.S. Chamber Caught Up in Tax Inversion Question
- Feds Won't Say How Many Border Crossers Jailed
- Christie Didn't Order Bridge Shut Down, Feds Say