WASHINGTON — As manufacturers continue to roll out new smartphones, luring customers to ditch their old phones, data security experts warn that improperly disposed phones can be mined for personal data by hackers in the U.S. and abroad.
"Improper cellphone disposal is an ongoing problem and it's a huge issue," said Nick Akerman, partner and data security expert at Dorsey & Whitney. "People have more information on their cellphones than they do at home – once you have somebody's cellphone you have someone's entire life."
The Environmental Protection Agency reports more than 416,000 cellphones are disposed of every day and almost 40% of cellphone users fail to take any security measures, such as erasing their data before disposing of it, according to ConsumerReports.Org.
"Most people forget to wipe their cellphones before they get rid of them," stated Dan Guido, Co-Founder and CEO of Trail of Bits, an information security company that specializes in security defense. "You should always set your phone to factory settings before giving it away."
According to the EPA, the average American is expected to buy a new cellphone every 24 months. After new cellphones are purchased, old phones are either recycled or trashed. In most cases, they end up on an offshore landfill, according to a study from the Basel Action Network, a non-profit that opposes shipping waste from rich to poor countries. More than 80% of e-waste is exported to Asia where workers break down electronic devices for metals, particularly gold and silver.
Without federal regulations on proper handling procedures, there is no way to assure consumers a best practice for e-cycling. Currently the EPA does not have any data on the amount of e-waste being exported — only data on how much is being recycled, which for cellphones is less than 10%.
In 2013, a bipartisan group of lawmakers introduced in the House and Senate theResponsible Electronics Recycling Act, which would prohibit U.S. recycling companies from exporting e-waste and would set waste management standards. But the bill has not moved in either chamber.
"I'm surprised it hasn't moved in Congress yet," Akerman said. "The real issue with data breach is legislation has to be passed to put rules in place."
John Shegerian, CEO of Electronic Recyclers International, argues without proper handling of electronic disposal everyone is at risk. "Companies and governments are throwing their reputations in the trash. When they dispose of their devices it's being handled inappropriately, therefore making them an easy target for data breach."
Some U.S. states have taken matters into their own hands. According to the National Center for Electronic Recycling, 25 states have created e-cycling laws.
The fastest growing issue for EPA is e-waste, the agency's website claims, and with little to no monitoring, it's the consumer's responsibility to secure their information.
"What you need to do before you hand off your old cellphone is wipe off all your personal data," said Kevin Haley, director of Product Management for Symantec Security Response. "Improper use of disposing your cellphone is a risk and it's real."
Charmaine Crutchfield, USA TODAY 12:55 p.m. EST November 10, 2014
http://www.usatoday.com/story/news/nation/2014/11/10/smart-phone-security-risks/18798709/