Mobile
News
2/3/2012
04:32 PM
Connect Directly
RSS
E-Mail
50%
50%

Motorola Tablet Goof: 4 Security Lessons For Users

Motorola accidentally shipped 100 refurbished tablets with old customer data still intact. Here's what you can do to ensure your information isn't sold by mistake.

Motorola alerted customers on Friday that it shipped about 100 refurbished Xoom tablets that were not completely cleared of the original owner's data prior to resale. The tablets were sold between October and December of 2011 through Woot.com. Oops.

According to Motorola, some of the compromised data potentially includes user names and passwords for email and social media accounts, as well as other password-protected sites and applications, and possibly even photographs and documents.

Though only 100 tablets were affected, Motorola is taking some pains to right this wrong.

[ Motorola's goof pales in comparison to these industry missteps. See 12 Epic Tech Fails Of 2011 . ]

First, Motorola is offering customers who purchased a Motorola Xoom Wi-Fi tablet between March and October 2011--and then returned it--a complimentary two-year membership of Experian's ProtectMyID Alert to mitigate any risks. Experian provides access to consumer credit data, and can be used as a tool to make sure the accidentally shared data is not put to nefarious use. The Xoom was available from a number of retailers during that period, including Amazon.com, Best Buy, BJ's Wholesale, eBay, Office Max, Radio Shack, Sam's Club, Staples, and others. If you bought one from the aforementioned retailers and returned it, best give Motorola (and Experian) a call.

Second, Motorola wants the not-completely-wiped Xoom tablets back. Motorola is asking those who purchased refurbished Xoom's from Woot.com between October and December 2011 to contact Motorola to see if it is among those affected. (Visit motorola.com/xoomreturn or call 1-800-734-5870 and select option 1.)

"Motorola sincerely regrets and apologizes for any inconvenience this situation has caused the affected customers," the company said in a statement. "Motorola is committed to rigorous data protection practices in order to protect its customers, and will continue to take the necessary steps to achieve this objective."

This type of thing shouldn't happen, but it did. Motorola appears to be doing the right thing. Kudos to its team for getting the word out there and looking to protect the security of its customers. Of course, it would have been nice if Motorola noticed this whole foul-up a little sooner, as some of the affected devices have been in circulation for four or more months.

This could have been prevented by the users, however. Here's how:

1. Factory reset. Every Android device can be returned to factory condition via the privacy tools. It's pretty easy to do. I do it every time I send a review unit back to the manufacturer. This removes all the account data from all the apps, removes user-downloaded apps, and returns the device's software to an "as-new" condition. It is in a slightly different spot on most Android devices, but is often located in: Settings -> Privacy -> Factory Data Reset.

2. Erase the memory card. This can be easy to forget. There's a little check box in the factory reset process (but only some of the time) that asks if you want to erase the memory card, too. Make sure you check it. That way, apps that you've moved to the memory card--as well as photos, music files, documents, etc.--are erased. Better yet, pull the memory card out, stick it into a computer and reformat it. Better still, just take the memory card out altogether and keep it.

3. Change passwords often. If user data is somehow mysteriously intact after both users and the manufacturer refreshes a device, another tool to help keep yourself protected is to change up your password. For example, I change my Google Account password every month. This way, even if someone gets an old device of mine, they probably won't be able to access my key information.

4. Encrypt your device. Not all devices offer encryption, but Motorola tablets definitely do. Encrypting the device is available through the security settings. The belief is that even if you reset an encrypted device to factory conditions, any user data left on the device would be so jumbled as to be unusable.

InformationWeek is surveying IT executives on global IT strategies. Upon completion of our survey, you will be eligible to enter a drawing to receive an Apple 16-GB iPad 2. Take our 2012 Global CIO Survey now. Survey ends Feb. 7.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Apprentice
2/4/2012 | 11:21:12 PM
re: Motorola Tablet Goof: 4 Security Lessons For Users
There is an important lesson here too for all business, and that's to have a good process for managing the retirement of devices. I remember a NASA audit a few years ago uncovered similar issues, where computers had been sold to the public without being properly wiped.
Brian Prince, InformationWeek/Dark Reading Comment Moderator
vertical2010
50%
50%
vertical2010,
User Rank: Apprentice
2/4/2012 | 8:23:46 PM
re: Motorola Tablet Goof: 4 Security Lessons For Users
No, Motorola did NOT do the right thing. This sort of casual treatment of vital personal data will not stop until there is a serious financial penalty for such negligence. What Motorola has done is a good start, but just that.

The victims involved should be compensated by Motorola for the all the worry and emotional distress it has caused them - for years to come. I suggest in the neighborhood of $10K each. Otherwise I would advise every victim to sue in small claims court to the maximum limit allowed. Even if there are no actual indications of identity theft yet, you can sue for the distress and need to continuously monitor your credit and reputation for years to come.

All companies that we entrust with our personal data must learn to take it very seriously.
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July14, 2014
Our new survey shows growing demand, flat budgets, and CIOs looking to cloud providers -- not to offload services, but to steal ideas.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join InformationWeek’s Lorna Garey and Mike Healey, president of Yeoman Technology Group, an engineering and research firm focused on maximizing technology investments, to discuss the right way to go digital.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.