A bug in Tesco’s popular Hudl tablet means attackers can access potentially sensitive personal information on the devices even after a factory reset, according to reports.
Ken Munro of Pen Test Partners managed to hack 10 Hudl tablets bought second hand off eBay in minutes, according to the BBC.
A flaw in the Rockchip processor’s firmware means hackers can read from as well as write to the device.
Munro apparently used a freely available software tool to hack the devices.
"Customers should always ensure all personal information is removed prior to giving away or selling any mobile device,” a Tesco spokesperson told the BBC.
“To guarantee this, customers should use a data wipe program."
The spokesperson added that any tablets returned to the store would have all personal data wiped, and claimed users who are concerned about privacy should visit the Get Safe Online website.
Meanwhile, Marc Rogers, principal researcher at Lookout, claimed that most manufacturers use Android’s built-in data wipe feature.
"But all that does is remove the index of where data is and does not delete data at all," he told the Beeb.
"As a security professional it blows my mind that people do not do this to get rid of the data."
Sven Boddington, vice president of client solutions at Teleplan, argued that as mobile devices become an indispensable part of modern life, so the data held on them has become increasingly sensitive.
“Businesses that process mobile devices such as smartphones and tablets for use as second hand products have a responsibility to the sellers, and buyers of these devices to ensure that the proper security procedures are applied so that personal data is thoroughly and permanently destroyed,” he commented.
“It’s not good enough to delete the personal data to only a ‘basic standard’ or worse still, not at all as there is an obligation to comply with data protection laws.”
One way to ensure compliance would be to meet industry standards like the Device Renewal Forum Certification Compliance criteria for Data Sanitization for mobile devices, he added.