
Giving your old Tesco Hudl to Auntie June? READ THIS FIRST

UK supermarket Tesco’s Hudl tablet will offer up data from past users – even if it’s been factory reset. The Register spoke to Ken Munro from security firm Pen Test Partners, who said he'd bought 17 Hudls and AllWinner tablets from eBay and found that not only does the reset process not wipe all the data, it’s possible to …

Bronze badge

Oops.

It might be an idea to encrypt all data by default. Then the wipe process merely involves destroying the private encryption key, which takes no time at all. Like my iPad does.

6
10

Yes, because a £100 tablet should have all the features of a tablet which is 3-5x the cost.

As stated in the article, the CPU doesn't have hardware crypto - or enough grunt to do it on software

34
6
Bronze badge
Thumb Down

wow the downvotes already for an acceptable reply to an unfair comparison.

the fanbois are out in force !!!

Have an upvote on me

19
4
Bronze badge

Not all the features of a high end device are required on a bargain basement tablet. But a wipe operation that doesn't do the job is less than a feature. It's a bug. And a pernicious one at that.

17
2

Unless Hudl have disabled it

There should be an option to encrypt all your data.

Why this isn't turned on by default is maybe an argument - but this still falls into the category of 'user error'

1
0
Anonymous Coward

Buy cheap

pay twice

Once for the original product and once again when someone buys your tablet second hand and lifts all your card details

4
13
Bronze badge

Re: Buy cheap

Follow your sentiment and agree they're usually cheap for a reason, but to be honest I'm hesitant to trust my card details to any android slab. All those apps that keep asking for the front door key, tut tut.

5
1

It's not difficult to wipe 99% of the data from a device

The best way to wipe an Android device is to do a factory reset, completely fill the device with music or video podcast files and then do another factory reset. There may be fragments of old directory information left but the majority of the data will be gone. This works because each location in flash memory can only contain data from one file and so when a device is full then to all intents and purposes the old data has gone.

3
2
Bronze badge
Paris Hilton

Re: It's not difficult to wipe 99% of the data from a device

But it's the <1% that you need to be worried about. I don't know how the Hudl for example reserves particular parts of the memory for system/secure data rather than general user data - photos, music etc. But this might represent a significant hole? Perhaps someone who has more knowledge of the lower levels of these tablets might comment?

2
1
Silver badge

Re: It's not difficult to wipe 99% of the data from a device

Actually the best way is to do a factory reset, followed by placing it in an industrial crusher and burying the results in a foot of concrete.

But I admit your way may leave it more resellable (What do you mean you want to return it? I said it was complete, not assembled. And the concrete will make a very nice garden feature)

10
0

Re: It's not difficult to wipe 99% of the data from a device

But hey, you've got to do that 3-5 times before you're out of pocket

2
0
Bronze badge

Re: It's not difficult to wipe 99% of the data from a device

Depends where system cache and password files are stored on Android devices; they may be in a different memory area to general music storage. Even if in the same area I doubt the device would allow full memory use before baulking with some form of memory error.

0
0
Silver badge

Re: It's not difficult to wipe 99% of the data from a device

Or when the screen shattered on my Nexus 4, put a .30-06 round through it at 50 feet. I wish I'd had a slo-mo of that. It was magnificent.

0
1

And formatting a PC hard drive doesn't securely wipe it either. Is this really news, or just someone trying to sell their product?

4
3

"And formatting a PC hard drive doesn't securely wipe it either. Is this really news, or just someone trying to sell their product?"

MrWibble, I was thinking the same, I'd use 3rd party software to zero a drive the same as I would a phone or tablet or Mac...

2
0
Silver badge

The device has a feature called 'factory reset' that doesn't reset it to a factory state. That's different from having a feature called 'format the hard drive' which establishes the correct formatting on a hard drive. The first feature doesn't do what it promises, the second does what it promises but is sometimes falsely assumed to do something else as well.

That being said, it sounds like an easy bug to fix. A quick pop-up to explain that if the purpose is to remove confidential information then a full erase should be performed which will take X minutes rather than Y seconds and a couple of buttons would do it. It's such a fringe feature that it's probably not worth investing more time in than that.

4
0

I agreed

I'm a great big android fan-boy, but there's plenty of stuff that annoys me, and stuff like this is one of those things.

2
0
xyz

we had a similar problem with an old Kindle...

...that had been in the bath once too often. The only thing we could do with it was use an angle grinder and a lump hammer. Happy days.

2
0
Bronze badge

Re: we had a similar problem with an old Kindle...

"The only thing we could do with it was use an angle grinder and a lump hammer."

What, no attempt to answer the ultimate question, 'Will it blend'?

5
0

Re: we had a similar problem with an old Kindle...

Dear god, I nearly choked, thanks!

0
0

This post has been deleted by a moderator

Anonymous Coward

Port...

Cryptolocker from Windows. That keeps your files safe.

0
2

But you'd lose the previous owner's porn stash.

3
0
Silver badge
Childcatcher

Yeah

Segue into a randomly tacked-on and entirely believable Hollywood slasher scenario aka. "OMG STALKERS! Will nobody think of the CHILDREN"...?

Credibility lowered by serious amount.

14
0

This post has been deleted by a moderator

Anonymous Coward

My Auntie June

isn't into resurrecting deleted files, and stealing my log-ins, she has to be shown how to switch the tablet on, and wants to read her facebook and listen to Classic fm over the internet.

Anyone more savvy is unlikely to be using a Hudl to own people.

And if there is a person stalking a child, waiting for the kid's parents to resell the kid's Hudl on ebay, let's go round their house and burn 'em out.

2
2
Silver badge

It's for the freaking children!

This guy lost any credibility he had when he played the paedo card.

15
0

Oh hush

He clearly couldn't find any Islamic-tainted beheading videos, so he had to pick on this.

The entire security establishment is crying out for something non-think of the children/terrorist to justify snooping.

*personally* I think they should just go for the "android let me see your girlfriends tits" - but I'm not representative.

5
0
Bronze badge

Same as a PC

Because it is a PC !

So use simple wipe software, like a PC.

This is very old PC news dressed up as if it is something new.

2
0
Silver badge
Facepalm

Re: Same as a PC

"This is very old PC news dressed up as if it is something new."

Well, yeah, it's "on a mobile device" innit.

3
1
Bronze badge

Re: "on a mobile device"

Excellent. :-)

0
0
Anonymous Coward

Flash

How are the redundant "over-used" faulty areas erased on the flash storage? Are they hidden from user programs - or even the O/S?

0
0

Re: Flash

It all depends on the firmware in the Flash controller. I suspect that any faulty areas will be marked as unreadable, but would doubt that it'd go much beyond that. For example, performing an erase on a bad area WOULD wipe any stored info permanently, but I don't think any but the most paranoid, security-specific FW would go that extra yard.

If you run a zeroing utility on a spinning rust HDD, will it attempt to overwrite excluded bad blocks as well as the 'good' data / directories?

0
0
Bronze badge

Re: Flash

Addresses are translated by the flash controller, this is transparent to the OS. AIUI you'd need to reflash the firmware or replace the controller chip to gain access to the raw storage, although it's possible that there's an "engineering mode" the manufacturers aren't telling us about.

0
0
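Added example (not part of any comment in this thread): a toy model of the controller-side address translation discussed in the Flash replies above, showing why filling a device from the OS eventually clears stale copies but cannot reach a page the controller has retired. The `ToyFTL` class, its page counts and its reuse policy are constructed assumptions, not any real controller's behaviour.

```python
# Toy flash translation layer (FTL). Constructed model, not real controller firmware.
class ToyFTL:
    def __init__(self, logical_pages, spare_pages):
        self.logical_pages = logical_pages
        self.physical = [None] * (logical_pages + spare_pages)  # raw flash incl. spare area
        self.l2p = {}         # logical page -> physical page, known only to the controller
        self.retired = set()  # physical pages marked bad: never erased or reused

    def _pick_page(self):
        live = set(self.l2p.values())
        usable = [p for p in range(len(self.physical))
                  if p not in live and p not in self.retired]
        if not usable:
            raise RuntimeError("no usable page left")
        # Prefer an already-erased page; otherwise erase a stale one and reuse it.
        usable.sort(key=lambda p: self.physical[p] is not None)
        self.physical[usable[0]] = None
        return usable[0]
    def write(self, lpn, data):
        # Out-of-place write: the previous physical page is left stale, not erased.
        p = self._pick_page()
        self.physical[p] = data
        self.l2p[lpn] = p
    def read(self, lpn):
        return self.physical[self.l2p[lpn]] if lpn in self.l2p else None
    def retire(self, lpn):
        # Controller marks the backing page bad and remaps the data elsewhere.
        old = self.l2p.pop(lpn)
        self.retired.add(old)
        self.write(lpn, self.physical[old])

def fill_from_os(ftl, passes=1):
    # All an OS-level wipe can do: overwrite every logical page it can address.
    for _ in range(passes):
        for lpn in range(ftl.logical_pages):
            ftl.write(lpn, "FILL")

def raw_copies(ftl, needle):
    # What a raw chip read would find, including stale and retired pages.
    return sum(1 for d in ftl.physical if d == needle)

def demo():
    ftl = ToyFTL(logical_pages=4, spare_pages=2)
    ftl.write(0, "SECRET")
    ftl.retire(0)                      # bad-page remap leaves a second copy behind
    fill_from_os(ftl)
    after_one = raw_copies(ftl, "SECRET")
    fill_from_os(ftl, passes=2)
    return after_one, raw_copies(ftl, "SECRET"), [ftl.read(l) for l in range(4)]
```

In this model one fill pass still leaves two raw copies of the data, further passes reduce that to the single copy in the retired page, and every page the OS can read shows only fill data throughout.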
Bronze badge

ken arsehole monroe

ok.. I want to get some publicity from this crappy story.. what can I do…

aha … THINK OF THE CHILDREN !!

stalkers…yeh yeh that'll do it.

prick.

6
0

This post has been deleted by a moderator

Bronze badge

It's not your auntie June you should be worried about

... it's who she passes it on to afterwards.

After all, auntie June is probably not going to have the elite hacker skills necessary to discover the undeleted files on the (emulated) sdcard. So you're safe for now. But only until she sells it on eBay for ££.99 (excl p&p).

And then you're both done for...

0
0
Silver badge
WTF?

Started off a logical enough article...

...after all, a factory reset that doesn't is pretty poor, especially if there is no obvious (non-geek) way to wipe important data from the machine.

Then Mr. Munro makes the illogical leap from a badly wiped tablet sold on eBay to providing information for weirdos to stalk your children (the obvious question is that this only means a damn if the purchaser is a kiddie stalker, has the knowledge of how to get into the device, and most importantly of all, lives nearby). As if this wasn't bad enough, somehow having end user information on a cheap supermarket tablet will automagically help a stalker avoid a police sting? How is this? Will it start playing the theme tune from The Bill whenever a cop car drives by?

Mr. Munro, you might have had a good and convincing argument if you warned adults about their login details, credit card information, etc being potentially accessible by the person the tablet is sold on to. But this half-assed "think of the children"? That's an even more desperate attempt than one would expect to see in The Daily Mail. So go away. Very far away. Preferably in a coffin. Thank you.

8
0
Bronze badge

I'm struggling to understand Munro

"It also helps the stalker avoid a police sting – a copper would not be using a cheap tablet to sting a stalker with! They would be using a carefully managed and secured PC in a police building somewhere."

I'm not exactly sure what is his point here?

Is he really scared of stalkers trawling eBay for old tablets in the hope some kiddie left it logged into Facebook? Start with the basics: every child in this country must attend school by law. So where do you think the children are? Doesn't need a fuckin social media account to figure out how to find kids.

4
0

This post has been deleted by a moderator

Re: I'm struggling to understand Munro

I think you should link this up, or drop the abuse.

2
1

This post has been deleted by a moderator

Re: I'm struggling to understand Munro

!

Seriously -- I can't find any reference to anything discreditable. He's a showman, that's apparently all.

0
0

I was beyond fuming

He points out that cheap tablets are often bought for children and by selling on a tablet which has the child’s social network data, the parent might be unwittingly aiding a stalker who could use the identity of the child to stalk other children

He appears to be channelling the collective mind (using the term loosely) of Mumsnet.

1
0

Can I patent this idea as it's on a mobile platform now?

1
0

When you sell the device, change your passwords; it's not hard. That's Google, Facebook and so on.

No stalking then. It won't log in; the old certificates will be out of date. Job done.

0
0

My daughter's Hudl stopped recharging - the microUSB port died (apparently this happens a lot to pre-Christmas rush Hudls). By the time I noticed it was almost out of charge - so I ported off what I could to the microSD card and then performed a Factory Reset - surprised that it didn't take very long - but since the battery finally completely expired a few minutes later, I didn't get chance to do much else with it.

It then went back to Tesco for a warranty replacement.

Have changed account passwords (as I had the admin acct on it, I changed her and my Google logins for example) - so hoping that even if this unit does get refurb'd, and the factory reset is potentially ineffectual, nobody will be able to login with the account details stored on the device.

0
0
