Deleted cloud files can be recovered from smartphones, researchers find

Researchers recover Word docs, PDFs, and more data wiped from Box, Dropbox, and SugarSync with iPhone, Android devices

If you think the files you delete from your mobile device and file-sharing service are really gone for good, think again. Researchers from the University of Glasgow have discovered that they could fully recover images, audio files, PDFs, and Word documents deleted from Dropbox, Box, and SugarSync, using both an HTC Android smartphone and an iPhone.

The revelation, outlined in a report titled "Using Smartphones as a Proxy for Forensic Evidence contained in Cloud Storage," is an excellent example of why companies need to approach both BYOD and cloud adoption with care. In and of themselves, neither end-user mobile devices nor mainstream, consumer-focused file-sharing services are equipped with enterprise-level security, yet employees of all stripes are increasingly using both for work as well as pleasure. Together, they can create a perfect storm for data insecurity, as these research results demonstrate.

For the test, researchers George Grispos, Brad Glisson, and Tim Storer created 20 different files of varying types: MP3, MP4, JPG, DOCX, and PDF. They uploaded the files to those services from a Windows 7 PC, then synced the files with their test devices. From there, they accessed and manipulated the files in various ways, ranging from viewing or playing the files in online mode once to saving them for offline access. They then processed the devices with the Universal Forensic Extraction Device (UFED), after which they used forensic tools to extract the files and artifacts from the resulting memory dumps.

Here are the paraphrased findings:

On the HTC Desire, both deleted and available files were recovered. The forensic toolkits recovered nine files from Dropbox, fifteen from Box, and eleven from SugarSync. On the iPhone, depending on the application and device manipulation, either five or seven files were recovered from Dropbox, seven or fifteen from SugarSync, and five from Box. No deleted application files were recovered from the iPhone.

Certain file types were recovered more than others. For example, the results show that JPEG images produced thumbnails on the device, and very few MP3 and MP4 files were present on either device. It is also interesting to note that more deleted files were recovered from Box than from Dropbox or SugarSync on the HTC Desire, while this pattern did not hold true for the iPhone.

Also of note: The researchers were able to recover metadata -- transactional logs containing user activity, metadata related to the files in the storage service, and information about the user of the application -- from all of the applications on both devices.

Additionally, the researchers found that, for the most part, clearing an application's cache made a difference, resulting in fewer files being recovered. ("The Box application on the iPhone was the only application where there was no difference in the number of files recovered from the active power state and the cache cleared state," according to the report.)

Finally, researchers found that user actions on certain file types affected whether or not they could be recovered. "For example, if a file has been viewed using the smartphone, there is the opportunity for it to be recovered using forensic toolkits ... provided that the user has not deleted the file or cleared the application's cache."

In terms of operating system, the HTC Desire was running Android Version 2.1. The iPhone was running iOS Version 3. The researchers said they selected the devices based on the cloud-storage services that had apps compatible with both operating systems. They specifically used Dropbox (iOS version 1.4.7, Android version 2.1.3); Box (iOS version 2.7.1, Android version 1.6.7); and SugarSync (iOS version 3.0, Android version 3.6).

The researchers acknowledged that more work needs to be done to determine how widespread a problem this might be. For example, might it affect hardware running more recent versions of Android and iOS? What about other platforms, such as Windows Phone or BlackBerry? How about tablets or other mobile form factors? Also, what about the other cloud-based services out there, both for consumers and businesses?

Researchers will certainly continue to study the vulnerabilities, but companies with the resources would be well served to dig into the issues themselves to ensure that the next time Rick in Sales leaves his iPhone or Android device in a taxi, he doesn't end up leaking the next quarter's sales projections.

This story, "Deleted cloud files can be recovered from smartphones, researchers find," was originally published at InfoWorld.com.
